diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index 4d1f1147f84..77d708d5ea1 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -40,7 +40,7 @@ jobs: echo $GITHUB_ENV - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/cancel-outdated-workflow-runs.yml b/.github/workflows/cancel-outdated-workflow-runs.yml index 1f984efa2ea..9eeff5b4009 100644 --- a/.github/workflows/cancel-outdated-workflow-runs.yml +++ b/.github/workflows/cancel-outdated-workflow-runs.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 3 steps: - - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 + - uses: styfle/cancel-workflow-action@3155a141048f8f89c06b4cdae32e7853e97536bc # 0.13.0 with: workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml' access_token: ${{ github.token }} diff --git a/.github/workflows/fetch-oas.yml b/.github/workflows/fetch-oas.yml index 35143d98b28..bc997de2a1c 100644 --- a/.github/workflows/fetch-oas.yml +++ b/.github/workflows/fetch-oas.yml @@ -22,7 +22,7 @@ jobs: file-type: [yaml, json] steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: release/${{ env.release_version }} diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index e033e2da335..9e2bdbffea4 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -22,12 +22,12 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: - node-version: '24.12.0' # TODO: Renovate helper might not be needed here - needs to be fully tested + node-version: '24.13.0' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} @@ -35,7 +35,7 @@ jobs: ${{ runner.os }}-node- - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive fetch-depth: 0 diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 5ed6e25a993..9c76101ba80 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -41,14 +41,20 @@ jobs: "tests/notifications_test.py", "tests/tool_config.py", "openapi-validatator", - ] os: [alpine, debian] + v3_feature_locations: [true, false] + exclude: + # standalone create endpoint page is gone in v3 + - v3_feature_locations: true + test-case: "tests/endpoint_test.py" fail-fast: false + env: + DD_V3_FEATURE_LOCATIONS: ${{ matrix.v3_feature_locations }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # load docker images from build jobs - name: Load images from artifacts diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index ad67880be21..aa597df9605 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -22,12 +22,12 @@ jobs: os: debian steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Minikube uses: manusa/actions-setup-minikube@b589f2d61bf96695c546929c72b38563e856059d # v2.14.0 with: - minikube version: 'v1.37.0' # renovate: datasource=github-releases depName=kubernetes/minikube + minikube version: 'v1.38.0' # renovate: datasource=github-releases depName=kubernetes/minikube kubernetes version: ${{ matrix.k8s }} driver: docker start args: '--addons=ingress --cni calico' diff --git a/.github/workflows/release-1-create-pr.yml b/.github/workflows/release-1-create-pr.yml index 39d7d4453e4..d6e5cb34f9e 100644 --- a/.github/workflows/release-1-create-pr.yml +++ b/.github/workflows/release-1-create-pr.yml @@ -40,7 +40,7 @@ jobs: run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV - name: Checkout from_branch branch - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.from_branch }} @@ -58,7 +58,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout release branch - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ env.NEW_BRANCH }} @@ -93,7 +93,7 @@ jobs: grep -H version helm/defectdojo/Chart.yaml - name: Run helm-docs - uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2 + uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1 with: chart-search-root: "helm/defectdojo" diff --git a/.github/workflows/release-2-tag-docker-push.yml b/.github/workflows/release-2-tag-docker-push.yml index 112e8ccecbd..e9a6c319848 100644 --- a/.github/workflows/release-2-tag-docker-push.yml +++ b/.github/workflows/release-2-tag-docker-push.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: master diff --git a/.github/workflows/release-3-master-into-dev.yml b/.github/workflows/release-3-master-into-dev.yml index ce757d875a4..fe3f840dd97 100644 --- a/.github/workflows/release-3-master-into-dev.yml +++ b/.github/workflows/release-3-master-into-dev.yml @@ -23,7 +23,7 @@ jobs: run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV - name: Checkout master - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: master @@ -40,7 +40,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ env.NEW_BRANCH }} @@ -81,7 +81,7 @@ jobs: yq -i '.annotations."artifacthub.io/changes" = ""' helm/defectdojo/Chart.yaml - name: Run helm-docs - uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2 + uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1 with: chart-search-root: "helm/defectdojo" @@ -115,7 +115,7 @@ jobs: run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV - name: Checkout master - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: master @@ -132,7 +132,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ env.NEW_BRANCH }} @@ -157,7 +157,7 @@ jobs: yq -i '.annotations."artifacthub.io/changes" = ""' helm/defectdojo/Chart.yaml - name: Run helm-docs - uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2 + uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1 with: chart-search-root: "helm/defectdojo" diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 5f1b5968be3..3df2f8ad9ba 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Create Release id: create_release - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0 + uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6.2.0 with: version: ${{ inputs.version }} env: diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml index 8e73c08b6e7..4636b1d3672 100644 --- a/.github/workflows/release-x-manual-docker-containers.yml +++ b/.github/workflows/release-x-manual-docker-containers.yml @@ -52,13 +52,13 @@ jobs: run: echo "DOCKER_ORG=$(echo ${GITHUB_REPOSITORY%%/*} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Login to DockerHub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Checkout tag - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.release_number }} diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index 0ee1d731bbf..8cb11fbb197 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml @@ -43,7 +43,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.release_number }} fetch-depth: 0 diff --git a/.github/workflows/release-x-manual-merge-container-digests.yml b/.github/workflows/release-x-manual-merge-container-digests.yml index 27cafd21731..e7b846b30a5 100644 --- a/.github/workflows/release-x-manual-merge-container-digests.yml +++ b/.github/workflows/release-x-manual-merge-container-digests.yml @@ -48,7 +48,7 @@ jobs: merge-multiple: true - name: Login to DockerHub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/release-x-manual-tag-as-latest.yml b/.github/workflows/release-x-manual-tag-as-latest.yml index 2424dc436a2..4852843adb5 100644 --- a/.github/workflows/release-x-manual-tag-as-latest.yml +++ b/.github/workflows/release-x-manual-tag-as-latest.yml @@ -37,7 +37,7 @@ jobs: run: echo "DOCKER_ORG=$(echo ${GITHUB_REPOSITORY%%/*} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Login to DockerHub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/release-x-nightly.yml b/.github/workflows/release-x-nightly.yml index d10f1d87050..5acd3953485 100644 --- a/.github/workflows/release-x-nightly.yml +++ b/.github/workflows/release-x-nightly.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.branch-to-build }} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 08206d44b17..22cf11cd8df 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -13,12 +13,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: validate - uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 + uses: suzuki-shunsuke/github-action-renovate-config-validator@ca480cb7ec89a9e1cd8c214ad33bda1617184027 # v2.0.0 with: strict: "true" - validator_version: 42.71.0 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 42.92.5 # renovate: datasource=github-releases depName=renovatebot/renovate diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml index 9dac672a9f6..50a1442a4d2 100644 --- a/.github/workflows/rest-framework-tests.yml +++ b/.github/workflows/rest-framework-tests.yml @@ -6,12 +6,14 @@ on: platform: type: string default: "linux/amd64" + v3_feature_locations: + type: boolean + default: false jobs: unit_tests: name: Rest Framework Unit Tests runs-on: ${{ inputs.platform == 'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }} - strategy: matrix: os: [alpine, debian] @@ -25,7 +27,7 @@ jobs: echo $GITHUB_ENV - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -53,10 +55,11 @@ jobs: # no celery or initializer needed for unit tests - name: Unit tests - timeout-minutes: 20 + timeout-minutes: 25 run: docker compose up --no-deps --exit-code-from uwsgi uwsgi env: DJANGO_VERSION: ${{ matrix.os }} + DD_V3_FEATURE_LOCATIONS: ${{ inputs.v3_feature_locations }} - name: Logs if: failure() diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml index 3eb100c8b58..2f71cdaa4be 100644 --- a/.github/workflows/ruff.yml +++ b/.github/workflows/ruff.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Ruff Linter run: pip install -r requirements-lint.txt diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index e42f9a46e2d..e136364e038 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run ShellCheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index 2de8dc737cd..67309c2cc7d 100644 --- a/.github/workflows/test-helm-chart.yml +++ b/.github/workflows/test-helm-chart.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false fetch-depth: 0 @@ -22,7 +22,7 @@ jobs: - name: Set up Helm uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 - - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.14 # Renovate helper is not needed here @@ -38,7 +38,7 @@ jobs: with: version: 3.14.0 # renovate: datasource=github-releases depName=helm/chart-testing yamale_version: 6.1.0 # renovate: datasource=pypi depName=yamale versioning=semver - yamllint_version: 1.37.1 # renovate: datasource=pypi depName=yamllint versioning=semver + yamllint_version: 1.38.0 # renovate: datasource=pypi depName=yamllint versioning=semver - name: Determine target branch id: ct-branch-target @@ -111,7 +111,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -129,14 +129,14 @@ jobs: git commit -m "ci: update Chart annotations from PR #${{ github.event.pull_request.number }}" || echo "No changes to commit" - name: Run helm-docs (update) - uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2 + uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1 if: startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/') with: chart-search-root: "helm/defectdojo" git-push: true - name: Run helm-docs (check) - uses: losisin/helm-docs-github-action@a57fae5676e4c55a228ea654a1bcaec8dd3cf5b5 # v1.6.2 + uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1 if: ${{ !(startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')) }} with: fail-on-diff: true @@ -152,10 +152,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Generate values schema json - uses: losisin/helm-values-schema-json-action@f3517c55537e26953c8a11be7549ea908990130d # v2.3.2 + uses: losisin/helm-values-schema-json-action@b0c5e688b224ce7c36fcf005184f1105850d8f3b # v2.4.1 with: fail-on-diff: true working-directory: "helm/defectdojo" @@ -172,7 +172,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false fetch-depth: 0 @@ -194,7 +194,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run ah lint working-directory: ./helm/defectdojo run: |- diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index e16990520df..2e36654cf4c 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -23,14 +23,16 @@ jobs: test-rest-framework: strategy: - matrix: - platform: ['linux/amd64', 'linux/arm64'] - fail-fast: false + matrix: + platform: ['linux/amd64', 'linux/arm64'] + v3_feature_locations: [ false, true ] + fail-fast: false needs: build-docker-containers uses: ./.github/workflows/rest-framework-tests.yml secrets: inherit with: - platform: ${{ matrix.platform}} + platform: ${{ matrix.platform }} + v3_feature_locations: ${{ matrix.v3_feature_locations }} # only run integration tests for linux/amd64 (default) test-user-interface: diff --git a/.github/workflows/update-sample-data.yml b/.github/workflows/update-sample-data.yml index 6c5fd95ec4f..8164ec51803 100644 --- a/.github/workflows/update-sample-data.yml +++ b/.github/workflows/update-sample-data.yml @@ -16,7 +16,7 @@ jobs: steps: # Checkout the repository - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.ref_name || 'dev'}} @@ -43,7 +43,7 @@ jobs: git push --set-upstream origin $(git rev-parse --abbrev-ref HEAD) - name: Create Pull Request - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update sample data" diff --git a/.github/workflows/validate_docs_build.yml b/.github/workflows/validate_docs_build.yml index 6645999a10f..0877a1910a7 100644 --- a/.github/workflows/validate_docs_build.yml +++ b/.github/workflows/validate_docs_build.yml @@ -17,12 +17,12 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: - node-version: '24.12.0' # TODO: Renovate helper might not be needed here - needs to be fully tested + node-version: '24.13.0' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} @@ -30,7 +30,7 @@ jobs: ${{ runner.os }}-node- - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive fetch-depth: 0 diff --git a/Dockerfile.django-alpine b/Dockerfile.django-alpine index cd24ca38d4b..fd86be0de06 100644 --- a/Dockerfile.django-alpine +++ b/Dockerfile.django-alpine @@ -5,7 +5,7 @@ # Dockerfile.nginx to use the caching mechanism of Docker. # Ref: https://devguide.python.org/#branchstatus -FROM python:3.13.11-alpine3.22@sha256:ab45bd32143151fe060d48218b91df43a289166e72ec7877823b1c972580bed3 AS base +FROM python:3.13.11-alpine3.22@sha256:2fd93799bfc6381d078a8f656a5f45d6092e5d11d16f55889b3d5cbfdc64f045 AS base FROM base AS build WORKDIR /app RUN \ diff --git a/Dockerfile.django-debian b/Dockerfile.django-debian index 12e0b48b0fc..60b1bd54cdb 100644 --- a/Dockerfile.django-debian +++ b/Dockerfile.django-debian @@ -5,7 +5,7 @@ # Dockerfile.nginx to use the caching mechanism of Docker. # Ref: https://devguide.python.org/#branchstatus -FROM python:3.13.11-slim-trixie@sha256:1f3781f578e17958f55ada96c0a827bf279a11e10d6a458ecb8bde667afbb669 AS base +FROM python:3.13.11-slim-trixie@sha256:51e1a0a317fdb6e170dc791bbeae63fac5272c82f43958ef74a34e170c6f8b18 AS base FROM base AS build WORKDIR /app RUN \ diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian index 4bd2caea2aa..f56ee270b72 100644 --- a/Dockerfile.integration-tests-debian +++ b/Dockerfile.integration-tests-debian @@ -1,9 +1,9 @@ # code: language=Dockerfile -FROM openapitools/openapi-generator-cli:v7.18.0@sha256:be5c0a17c978ed4c39985312af3129882407581e07f2e3167cf777c908ffd52b AS openapitools +FROM openapitools/openapi-generator-cli:v7.19.0@sha256:b9e7ad71a9f9406bd810378a939755fad114747a767e29bbf83ef9364d5f9dc0 AS openapitools # currently only supports x64, no arm yet due to chrome and selenium dependencies -FROM python:3.13.11-slim-trixie@sha256:1f3781f578e17958f55ada96c0a827bf279a11e10d6a458ecb8bde667afbb669 AS build +FROM python:3.13.11-slim-trixie@sha256:51e1a0a317fdb6e170dc791bbeae63fac5272c82f43958ef74a34e170c6f8b18 AS build WORKDIR /app RUN \ apt-get -y update && \ diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine index 03a6e9c5a31..32de71d0c64 100644 --- a/Dockerfile.nginx-alpine +++ b/Dockerfile.nginx-alpine @@ -5,7 +5,7 @@ # Dockerfile.django-alpine to use the caching mechanism of Docker. # Ref: https://devguide.python.org/#branchstatus -FROM python:3.13.11-alpine3.22@sha256:ab45bd32143151fe060d48218b91df43a289166e72ec7877823b1c972580bed3 AS base +FROM python:3.13.11-alpine3.22@sha256:2fd93799bfc6381d078a8f656a5f45d6092e5d11d16f55889b3d5cbfdc64f045 AS base FROM base AS build WORKDIR /app RUN \ diff --git a/README.md b/README.md index f9d2511b07c..418226bf8ef 100644 --- a/README.md +++ b/README.md @@ -32,18 +32,12 @@ deduplication, remediation, and reporting. Pro Edition: [pro.demo.defectdojo.com](https://pro.demo.defectdojo.com) -Community Edition: [demo.defectdojo.org](https://demo.defectdojo.org) +OWASP Community Edition: [demo.defectdojo.org](https://demo.defectdojo.org) Either demo enviornment can be logged into with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demos are publicly accessible and reset every day. Do not put sensitive data in the demo. An easy way to test DefectDojo is to upload some [sample scan reports](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans). -## Quick Start for Compose V2 - -From July 2023 Compose V1 [stopped receiving updates](https://docs.docker.com/compose/reference/). - -Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous -docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using -`docker compose` instead of `docker-compose`. +## Quick Start for Docker Compose ```sh # Clone the project @@ -65,18 +59,6 @@ docker compose up -d docker compose logs initializer | grep "Admin password:" ``` -## For Docker Compose V1 - -You can run Compose V1 by calling `docker-compose` (by adding the hyphen (-) between `docker compose`). - -Following commands are using original version so you might need to adjust them: -```sh -docker/docker-compose-check.sh -docker/entrypoint-initializer.sh -docker/setEnv.sh -``` - -Navigate to `http://localhost:8080` to see your new instance! ## Documentation @@ -91,21 +73,21 @@ Navigate to `http://localhost:8080` to see your new instance! ## Supported Installation Options -* [SaaS](https://cloud.defectdojo.com/accounts/onboarding/plg_step_1) - New UI, addittional features, includes support & supports the project -* [Docker / Docker Compose](readme-docs/DOCKER.md) +* Pro - SaaS or self-hosted (via K8s or docker compose). [Speak to our team](https://defectdojo.com/contact) or [sign-up for SaaS directly](https://cloud.defectdojo.com/accounts/onboarding/plg_step_1) +* OS - [docker compose](readme-docs/DOCKER.md) ## Community, Getting Involved, and Updates -[Slack](https://owasp.org/slack/invite) +[Dojo](https://community-defectdojo.tightknit.community/) +[Slack](https://join.slack.com/t/defectdojocommunity/shared_invite/zt-3l9028wlf-ezDB29D_MIh9ShXdesCHZA) [LinkedIn](https://www.linkedin.com/company/defectdojo) -[Twitter](https://twitter.com/defectdojo) +[Twitter](https://x.com/defectdojo) [Youtube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) -[Join the OWASP Slack Community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in -our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on -[Twitter](https://twitter.com/defectdojo), [LinkedIn](https://www.linkedin.com/company/defectdojo), and -[YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates! +Checkout our new [Community Portal](https://community-defectdojo.tightknit.community/) and join the DefectDojo community on [Slack](https://join.slack.com/t/defectdojocommunity/shared_invite/zt-3l9028wlf-ezDB29D_MIh9ShXdesCHZA)! + +Follow DefectDojo on [LinkedIn](https://www.linkedin.com/company/defectdojo), [YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ), and [X](https://twitter.com/defectdojo) for platform updates! ## Contributing @@ -113,7 +95,7 @@ Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for detail ## Pro Edition -[Upgrade to DefectDojo Pro!](https://defectdojo.com/pricing) Pro transcends the do-it-yourself approach of open-source: A new UI, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page: [defectdojo.com/pricing](https://defectdojo.com/pricing). +[Upgrade to DefectDojo Pro!](https://defectdojo.com/pricing) Pro transcends the do-it-yourself approach of open-source: A new UI, risk-based vulnerability management, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page: [defectdojo.com/pricing](https://defectdojo.com/pricing). Alternatively, for information please email hello@defectdojo.com @@ -128,7 +110,6 @@ Core Moderators can help you with pull requests or feedback on dev ideas: * Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci)) Moderators can help you with pull requests or feedback on dev ideas: -* Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill)) * Blake Owens ([@blakeaowens](https://github.com/blakeaowens)) ## Hall of Fame @@ -148,6 +129,11 @@ Moderators can help you with pull requests or feedback on dev ideas: Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many more. +* Jay Paz ([@jjpaz](https://github.com/grendel513)) – Jay was a DefectDojo + maintainer for years. He performed Dojo's first UI overhaul, optomized code structure/features, and added numerous enhancements. +* Charles Neill ([@ccneill](https://github.com/cneill)) – Charles served as a + maintainer of DefectDojo for years and wrote some of Dojo's core functionality. + ## Security diff --git a/components/package.json b/components/package.json index f652c2733ea..c25b207b862 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.54.3", + "version": "2.55.0", "license" : "BSD-3-Clause", "private": true, "dependencies": { @@ -24,7 +24,7 @@ "google-code-prettify": "^1.0.0", "jquery": "^3.7.1", "jquery-highlight": "3.5.0", - "jquery-ui": "1.14.1", + "jquery-ui": "1.14.2", "jquery.cookie": "1.4.1", "jquery.flot.tooltip": "^0.9.0", "jquery.hotkeys": "jeresig/jquery.hotkeys#master", @@ -33,7 +33,7 @@ "metismenu": "~3.0.7", "moment": "^2.30.1", "morris.js": "morrisjs/morris.js", - "pdfmake": "^0.3.0", + "pdfmake": "^0.3.3", "startbootstrap-sb-admin-2": "1.0.7" }, "engines": { diff --git a/components/yarn.lock b/components/yarn.lock index 8f2f00bbfa1..ecfd05a3377 100644 --- a/components/yarn.lock +++ b/components/yarn.lock @@ -287,10 +287,10 @@ jquery-highlight@3.5.0: dependencies: jquery ">= 1.0.0" -jquery-ui@1.14.1: - version "1.14.1" - resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.14.1.tgz#ba342ea3ffff662b787595391f607d923313e040" - integrity sha512-DhzsYH8VeIvOaxwi+B/2BCsFFT5EGjShdzOcm5DssWjtcpGWIMsn66rJciDA6jBruzNiLf1q0KvwMoX1uGNvnQ== +jquery-ui@1.14.2: + version "1.14.2" + resolved "https://registry.yarnpkg.com/jquery-ui/-/jquery-ui-1.14.2.tgz#515288b5c730b720acca6e53a0366827ad834053" + integrity sha512-1gSl7PUjyipa2adSr780Ujk16faicrV7PjPPzPtvWk7tTqBnsqp67NNV9jZK2+BIxUPXWSnIUU/LBCgwgGZE+Q== dependencies: jquery ">=1.12.0 <5.0.0" @@ -385,10 +385,10 @@ pdfkit@^0.17.2: linebreak "^1.1.0" png-js "^1.0.0" -pdfmake@^0.3.0: - version "0.3.0" - resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.3.0.tgz#b42c5af9aef4095f1310564d4a2f2d49f950cae9" - integrity sha512-sS7ow3ZrdFjlC7s4J5k3UA5IHQQbXRs6+NtdzfWDR0SvPa7+M8d69rITObFAsJ4t6iwkKRsc87Q+I/gFlTUVQg== +pdfmake@^0.3.3: + version "0.3.3" + resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.3.3.tgz#2705e8fabff4bf52a4a7b7ae9d93caee1b200cb7" + integrity sha512-jSnF8rVLkbLLX37bnXWRFhEDO48quE7OIg7lgWBa6ihAbpCxASaBLWFOXNxSDeLBNt92304SBwpYcPkJnIArlA== dependencies: linebreak "^1.1.0" pdfkit "^0.17.2" diff --git a/docker-compose.override.dev.yml b/docker-compose.override.dev.yml index d3d3a3cd4c1..db1da0d9d7a 100644 --- a/docker-compose.override.dev.yml +++ b/docker-compose.override.dev.yml @@ -16,6 +16,10 @@ services: DD_ADMIN_PASSWORD: "${DD_ADMIN_PASSWORD:-admin}" DD_EMAIL_URL: "smtp://mailhog:1025" celeryworker: + build: + context: . + dockerfile: Dockerfile.django-${DEFECT_DOJO_OS:-debian} + target: development entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432}', '-t', '30', '--', '/entrypoint-celery-worker-dev.sh'] volumes: - '.:/app:z' @@ -24,12 +28,20 @@ services: DD_DEBUG: 'True' DD_EMAIL_URL: "smtp://mailhog:1025" celerybeat: + build: + context: . + dockerfile: Dockerfile.django-${DEFECT_DOJO_OS:-debian} + target: development volumes: - '.:/app:z' environment: PYTHONWARNINGS: error # We are strict about Warnings during development DD_DEBUG: 'True' initializer: + build: + context: . + dockerfile: Dockerfile.django-${DEFECT_DOJO_OS:-debian} + target: development volumes: - '.:/app:z' environment: @@ -60,4 +72,4 @@ services: protocol: tcp mode: host "webhook.endpoint": - image: mccutchen/go-httpbin:2.19.0@sha256:be41c6c3772393c097e15f9f8ac381de4ce9e9841c545556af98fbe2e707c619 + image: mccutchen/go-httpbin:2.20.0@sha256:b1620821b6ff191d911629f87a720b88df5397c2554045f1cfb1ffde17c9b898 diff --git a/docker-compose.override.integration_tests.yml b/docker-compose.override.integration_tests.yml index 8d6efe954f7..24d522f73a0 100644 --- a/docker-compose.override.integration_tests.yml +++ b/docker-compose.override.integration_tests.yml @@ -36,6 +36,7 @@ services: DD_SECURE_CROSS_ORIGIN_OPENER_POLICY: 'None' DD_SECRET_KEY: "${DD_SECRET_KEY:-.}" DD_EMAIL_URL: "smtp://mailhog:1025" + DD_V3_FEATURE_LOCATIONS: ${DD_V3_FEATURE_LOCATIONS:-False} celerybeat: environment: DD_DATABASE_URL: ${DD_TEST_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/test_defectdojo} @@ -43,6 +44,7 @@ services: entrypoint: ['/wait-for-it.sh', '${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432}', '-t', '30', '--', '/entrypoint-celery-worker-dev.sh'] environment: DD_DATABASE_URL: ${DD_TEST_DATABASE_URL:-postgresql://defectdojo:defectdojo@postgres:5432/test_defectdojo} + DD_V3_FEATURE_LOCATIONS: ${DD_V3_FEATURE_LOCATIONS:-False} initializer: environment: PYTHONWARNINGS: error # We are strict about Warnings during testing diff --git a/docker-compose.override.unit_tests_cicd.yml b/docker-compose.override.unit_tests_cicd.yml index 1151d43600a..ee52511b0ec 100644 --- a/docker-compose.override.unit_tests_cicd.yml +++ b/docker-compose.override.unit_tests_cicd.yml @@ -28,6 +28,7 @@ services: DD_CELERY_BROKER_PATH: '/dojo.celerydb.sqlite' DD_CELERY_BROKER_PARAMS: '' DD_JIRA_EXTRA_ISSUE_TYPES: 'Vulnerability' # Shouldn't trigger a migration error + DD_V3_FEATURE_LOCATIONS: ${DD_V3_FEATURE_LOCATIONS:-False} celerybeat: !reset celeryworker: !reset initializer: !reset diff --git a/docker-compose.yml b/docker-compose.yml index fb566f29611..d8a1b14d4a9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -120,7 +120,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:18.1-alpine@sha256:b40d931bd0e7ce6eecc59a5a6ac3b3c04a01e559750e73e7086b6dbd7f8bf545 + image: postgres:18.1-alpine@sha256:4eb15de8e7b692c02427a2df278d18eb89422a534e428efb6d43c968250334d4 environment: POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo} diff --git a/docs/assets/images/import_scan_ui.png b/docs/assets/images/import_scan_ui.png index 851dfa95d34..ccf9a1b4aee 100644 Binary files a/docs/assets/images/import_scan_ui.png and b/docs/assets/images/import_scan_ui.png differ diff --git a/docs/assets/images/metrics_image1.png b/docs/assets/images/metrics_image1.png new file mode 100644 index 00000000000..6cc5b8f0119 Binary files /dev/null and b/docs/assets/images/metrics_image1.png differ diff --git a/docs/assets/images/metrics_image2.png b/docs/assets/images/metrics_image2.png new file mode 100644 index 00000000000..4216af8301f Binary files /dev/null and b/docs/assets/images/metrics_image2.png differ diff --git a/docs/assets/images/metrics_image3.png b/docs/assets/images/metrics_image3.png new file mode 100644 index 00000000000..31b902848a8 Binary files /dev/null and b/docs/assets/images/metrics_image3.png differ diff --git a/docs/assets/images/metrics_image4.gif b/docs/assets/images/metrics_image4.gif new file mode 100644 index 00000000000..b13835114f5 Binary files /dev/null and b/docs/assets/images/metrics_image4.gif differ diff --git a/docs/assets/images/metrics_image6.png b/docs/assets/images/metrics_image6.png new file mode 100644 index 00000000000..1e2bbfdcab6 Binary files /dev/null and b/docs/assets/images/metrics_image6.png differ diff --git a/docs/assets/images/updated-dojo-chop.png b/docs/assets/images/updated-dojo-chop.png new file mode 100644 index 00000000000..c69904b7ada Binary files /dev/null and b/docs/assets/images/updated-dojo-chop.png differ diff --git a/docs/assets/images/x_logo.jpg b/docs/assets/images/x_logo.jpg new file mode 100644 index 00000000000..cf44cd38143 Binary files /dev/null and b/docs/assets/images/x_logo.jpg differ diff --git a/docs/assets/js/custom.js b/docs/assets/js/custom.js index c5525d04e5e..f6cb612dd0c 100644 --- a/docs/assets/js/custom.js +++ b/docs/assets/js/custom.js @@ -1 +1,60 @@ -// Put your custom JS code here +// custom js + + +// version toggler +(() => { + "use strict"; + + console.log("[VersionToggle] custom.js loaded"); + + const setVersion = (version) => { + console.log("[VersionToggle] Setting version to:", version); + + document.querySelectorAll(".version-opensource, .version-pro").forEach(el => { + el.style.display = el.classList.contains(`version-${version}`) ? "" : "none"; + }); + + localStorage.setItem("version", version); + console.log("[VersionToggle] localStorage updated:", localStorage.getItem("version")); + + // Update dropdown + const selects = document.querySelectorAll("#version-select"); + selects.forEach(sel => { + sel.value = version; + sel.dataset.version = version; + sel.style.visibility = "visible"; + }); + + // unhide sidebar after version is applied + const sidebar = document.querySelector(".docs-sidebar"); + if (sidebar) { + sidebar.style.visibility = "visible"; + console.log("[VersionToggle] Sidebar revealed"); + } + }; + + const initVersionToggle = () => { + const storedVersion = localStorage.getItem("version") || "opensource"; + console.log("[VersionToggle] Stored version:", storedVersion); + setVersion(storedVersion); + }; + + // Delegated listener on body + document.body.addEventListener("change", (e) => { + if (e.target && e.target.id === "version-select") { + console.log("[VersionToggle] Dropdown changed to:", e.target.value); + setVersion(e.target.value); + } + }); + + // Run on DOM ready + window.addEventListener("DOMContentLoaded", initVersionToggle); + + // MutationObserver to detect dynamically replaced sidebar + const observer = new MutationObserver(() => { + // Re-run init to make sure menus match stored version + initVersionToggle(); + }); + observer.observe(document.body, { childList: true, subtree: true }); + +})(); diff --git a/docs/assets/scss/common/_custom.scss b/docs/assets/scss/common/_custom.scss index e3429be7722..d16f34214b7 100644 --- a/docs/assets/scss/common/_custom.scss +++ b/docs/assets/scss/common/_custom.scss @@ -43,4 +43,38 @@ .DocSearch-Modal { position: fixed !important; } +} + +.logo-darkmode { + display: none; +} + +[data-bs-theme="dark"] .logo-lightmode { + display: none; +} + +[data-bs-theme="dark"] .logo-darkmode { + display: inline-block; +} + +html { + font-size: 85%; /* scales all rem/em fonts */ +} + +/* Hide sidebar until version is resolved */ +.docs-sidebar { + visibility: hidden; +} + + +#version-select[data-version="opensource"] { + background-color: #003964b7; + border: 2px solid #003864; + color: white; +} + +#version-select[data-version="pro"] { + background-color: #a84e32b7; + border: 2px solid #a84e32; + color: white; } \ No newline at end of file diff --git a/docs/config/_default/menus/menus.en.toml b/docs/config/_default/menus/menus.en.toml index 2189b85513a..58752fbcba0 100644 --- a/docs/config/_default/menus/menus.en.toml +++ b/docs/config/_default/menus/menus.en.toml @@ -1,28 +1,48 @@ [[main]] - name = "Docs Home" - url = "/en/about_defectdojo/about_docs/" + name = "Get started ⏷" + url = "/get_started/about/about_defectdojo" weight = 10 [[main]] - name = "Supported Tools" - url = "/supported_tools/" - weight = 11 + name = "Import data ⏷" + url = "/import_data/import_intro/comparison/" + weight = 12 [[main]] - name = "Pro Features" - url = "/en/about_defectdojo/pro_features" + name = "Triage Findings ⏷" + url = "/triage_findings/findings_workflows/intro_to_findings/" weight = 12 [[main]] - name = "Changelog" - url = "/en/changelog/changelog/" + name = "Model your assets ⏷" + url = "/asset_modelling/hierarchy/pro__assets_organizations/" weight = 13 [[main]] - name = "Support" - url = "/en/about_defectdojo/contact_defectdojo_support" + name = "Metrics & reports ⏷" + url = "/metrics_reports/dashboards/introduction_dashboard/" weight = 14 +[[main]] + name = "Admin ⏷" + url = "/admin/admin_intro/intro/" + weight = 16 + +[[main]] + name = "Issue tracking ⏷" + url = "/issue_tracking/intro/intro/" + weight = 15 + +[[main]] + name = "Automation ⏷" + url = "/automation/api/api-v2-docs/" + weight = 15 + +[[main]] + name = "Supported tools ⏷" + url = "/supported_tools/" + weight = 16 + [[social]] name = "YouTube" pre = '' diff --git a/docs/config/_default/params.toml b/docs/config/_default/params.toml index 876e6d44e2f..36331f1428b 100644 --- a/docs/config/_default/params.toml +++ b/docs/config/_default/params.toml @@ -44,9 +44,21 @@ mainSections = ["docs"] bootstrapJavascript = false # false (default) or true # Nav - sectionNav = ["docs", "en", "supported_tools"] # ["docs"] (default) or list of sections (e.g. ["docs", "guides"]) + sectionNav = [ + "docs", + "en", + "supported_tools", + "get_started", + "import_data", + "triage_findings", + "metrics_reports", + "admin", + "automation", + "asset_modelling", + "issue_tracking"] # ["docs"] (default) or list of sections (e.g. ["docs", "guides"]) + toTopButton = false # false (default) or true - breadcrumbTrail = true # false (default) or true + breadcrumbTrail = false # false (default) or true headlineHash = true # true (default) or false scrollSpy = true # true (default) or false diff --git a/docs/content/admin/admin_intro/_index.md b/docs/content/admin/admin_intro/_index.md new file mode 100644 index 00000000000..8452f739bba --- /dev/null +++ b/docs/content/admin/admin_intro/_index.md @@ -0,0 +1,16 @@ +--- +title: "Intro" +description: "" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 3 +chapter: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +exclude_search: true +--- \ No newline at end of file diff --git a/docs/content/admin/admin_intro/intro.md b/docs/content/admin/admin_intro/intro.md new file mode 100644 index 00000000000..eef83cdd763 --- /dev/null +++ b/docs/content/admin/admin_intro/intro.md @@ -0,0 +1,9 @@ +--- +title: "DefectDojo Admin Controls" +description: "Administrative controls for configuring, securing, and maintaining your DefectDojo instance." +weight: 0 +--- + +Admin actions in DefectDojo provide the controls needed to configure and maintain the platform across your organization. These actions are designed for administrators who are responsible for user management, system configuration, and ensuring DefectDojo operates securely and reliably at scale. + +Administrative actions allow you to manage core aspects of DefectDojo, including authentication methods, user access, global settings, and integrations. From initial setup to ongoing maintenance, these controls define how DefectDojo behaves and how users interact with it. \ No newline at end of file diff --git a/docs/content/en/customize_dojo/notifications/_index.md b/docs/content/admin/notifications/_index.md similarity index 93% rename from docs/content/en/customize_dojo/notifications/_index.md rename to docs/content/admin/notifications/_index.md index 218ba05ea85..3c6eb3a19d5 100644 --- a/docs/content/en/customize_dojo/notifications/_index.md +++ b/docs/content/admin/notifications/_index.md @@ -6,8 +6,6 @@ lastmod: 2023-09-07T16:06:50+02:00 draft: false weight: 7 chapter: true -sidebar: - collapsed: true seo: title: "" # custom title (optional) description: "" # custom description (recommended) diff --git a/docs/content/en/customize_dojo/notifications/about_notifications.md b/docs/content/admin/notifications/about_notifications.md similarity index 97% rename from docs/content/en/customize_dojo/notifications/about_notifications.md rename to docs/content/admin/notifications/about_notifications.md index 1426d42ac5d..cb27b5e0995 100644 --- a/docs/content/en/customize_dojo/notifications/about_notifications.md +++ b/docs/content/admin/notifications/about_notifications.md @@ -74,4 +74,4 @@ For more information about this behavior see the [related pull request #9699](ht ### Webhooks (experimental) -DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [related page](/en/open_source/notification_webhooks/how_to). +DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [related page](/open_source/notification_webhooks/how_to). diff --git a/docs/content/en/customize_dojo/notifications/configure_personal_notifs.md b/docs/content/admin/notifications/configure_personal_notifs.md similarity index 100% rename from docs/content/en/customize_dojo/notifications/configure_personal_notifs.md rename to docs/content/admin/notifications/configure_personal_notifs.md diff --git a/docs/content/en/customize_dojo/notifications/configure_system_notifs.md b/docs/content/admin/notifications/configure_system_notifs.md similarity index 100% rename from docs/content/en/customize_dojo/notifications/configure_system_notifs.md rename to docs/content/admin/notifications/configure_system_notifs.md diff --git a/docs/content/en/customize_dojo/notifications/email_slack_teams.md b/docs/content/admin/notifications/email_slack_teams.md similarity index 100% rename from docs/content/en/customize_dojo/notifications/email_slack_teams.md rename to docs/content/admin/notifications/email_slack_teams.md diff --git a/docs/content/en/customize_dojo/user_management/_index.md b/docs/content/admin/user_management/_index.md similarity index 93% rename from docs/content/en/customize_dojo/user_management/_index.md rename to docs/content/admin/user_management/_index.md index d7ef4c307e1..e35cf318f4b 100644 --- a/docs/content/en/customize_dojo/user_management/_index.md +++ b/docs/content/admin/user_management/_index.md @@ -7,8 +7,6 @@ lastmod: 2023-09-07T16:06:50+02:00 draft: false weight: 5 chapter: true -sidebar: - collapsed: true seo: title: "" # custom title (optional) description: "" # custom description (recommended) diff --git a/docs/content/en/customize_dojo/user_management/about_perms_and_roles.md b/docs/content/admin/user_management/about_perms_and_roles.md similarity index 100% rename from docs/content/en/customize_dojo/user_management/about_perms_and_roles.md rename to docs/content/admin/user_management/about_perms_and_roles.md diff --git a/docs/content/en/customize_dojo/user_management/audit_logging.md b/docs/content/admin/user_management/audit_logging.md similarity index 100% rename from docs/content/en/customize_dojo/user_management/audit_logging.md rename to docs/content/admin/user_management/audit_logging.md diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/admin/user_management/configure_sso.md similarity index 98% rename from docs/content/en/customize_dojo/user_management/configure_sso.md rename to docs/content/admin/user_management/configure_sso.md index e86eb3fb1f5..67d804d6e7d 100644 --- a/docs/content/en/customize_dojo/user_management/configure_sso.md +++ b/docs/content/admin/user_management/configure_sso.md @@ -16,7 +16,7 @@ Users can connect to DefectDojo with a Username and Password, but if you prefer, All of these methods can only be configured by a Superuser in DefectDojo. DefectDojo Pro users can quickly set up SSO through their system settings, while Open Source users will need to configure these settings on the back-end by setting an environment variable within Docker. This article covers both methods of configuration. -**NOTE: DefectDojo Pro users will all need to add the IP addresses of SAML or SSO services to their Firewall whitelist. See [Firewall Rules](/en/cloud_management/using-cloud-manager/#changing-your-firewall-settings) for more information.** +**NOTE: DefectDojo Pro users will all need to add the IP addresses of SAML or SSO services to their Firewall whitelist. See [Firewall Rules](/get_started/pro/cloud/using-cloud-manager/#changing-your-firewall-settings) for more information.** ## Disable username / password use You may wish to disable traditional username/password login on your instance. @@ -70,7 +70,7 @@ Both DefectDojo Pro ### Open-Source -Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](/en/open_source/installation/configuration/)). +Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](/get_started/open_source/configuration/)). 1. Fill out the variables as follows: {{< highlight python >}} @@ -143,7 +143,7 @@ When a user is removed from a given group in Azure AD, they will also be removed ### Open-Source -Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)). +Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)). 1. Set the following environment variables @@ -215,7 +215,7 @@ Both DefectDojo Pro ### Open-Source -Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)). +Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)). 1. Set the following environment variables {{< highlight python >}} @@ -261,7 +261,7 @@ Follow along below. ### Open-Source -Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)). +Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)). 1. Set the following environment variables {{< highlight python >}} @@ -323,7 +323,7 @@ In order to use Google Authentication, a Google Authentication Server will need ### Open-Source -Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)). +Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)). 1. Set the following environment variables @@ -407,7 +407,7 @@ This guide assumes you already have a KeyCloak Realm set up. If not, you will n ### Open-Source -Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)). +Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)). 1. Set the following environment variables @@ -495,7 +495,7 @@ Both DefectDojo Pro ### Open-Source -Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)). +Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)). 1. Set the following environment variables @@ -621,7 +621,7 @@ The left side of the ‘=’ sign represents the attribute you want to map from ### Open-Source SAML 1. Navigate to your SAML IdP and find your metadata. -2. Set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)). +2. Set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/get_started/open_source/configuration)). {{< highlight python >}} DD_SAML2_ENABLED=(bool, **True**), diff --git a/docs/content/en/customize_dojo/user_management/create_user_group.md b/docs/content/admin/user_management/create_user_group.md similarity index 100% rename from docs/content/en/customize_dojo/user_management/create_user_group.md rename to docs/content/admin/user_management/create_user_group.md diff --git a/docs/content/admin/user_management/pro_permissions_overhaul.md b/docs/content/admin/user_management/pro_permissions_overhaul.md new file mode 100644 index 00000000000..ba174ac7eee --- /dev/null +++ b/docs/content/admin/user_management/pro_permissions_overhaul.md @@ -0,0 +1,52 @@ +--- +title: "Set Permissions in Pro" +description: "Overhaul, pro feature" +weight: 3 +audience: pro +--- + +## Introduction to Permission Types + +Individual users have four different kinds of permission that they can be assigned: + +* Users can be assigned as **Members to Products or Product Types**. This allows them to view and interact with Data Types (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on the role they are assigned on the specific Product. Users can have multiple Product or Product Type memberships, with different levels of access. +​ +* Users can also have **Configuration Permissions** assigned, which allow them to access configuration pages in DefectDojo. Configuration Permissions are not related to Products or Product Types. +​ +* Users can be assigned **Global Roles**, which give them a standardized level of access to all Products and Product Types. +​ +* Users can be set up as **Superusers**: administrator level roles which give them control and access to all DefectDojo data and configuration. + +You can also create Groups if you want to assign Product Membership, Configuration Permissions or Global Roles to a group of users at the same time. If you have a large number of users in DefectDojo, such as a dedicated testing team for a particular Product, Groups may be a more helpful feature. + +## Superusers \& Global Roles + +Part of your Role\-Based Access Control (RBAC) configuration may require you to create additional Superusers, or users with Global Roles. + +* Superusers (Admins) have no limitations in the system. They can change all settings, manage users and have read / write access to all data. They can also change access rules for all users in DefectDojo. Superusers will also receive notifications for all system issues and alerts. +* Users with Global Roles can view and interact with any Data Type (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on their assigned Role. For more information about each Role and associated privileges, please refer to our Introduction to Roles article. +* Users can also have specific Configuration Permissions assigned, allowing them to access certain DefectDojo configuration pages. Users have no Configuration Permissions by default. + +By default, the first account created on a new DefectDojo instance will have Superuser permissions. That user will be able to edit permissions for all subsequent DefectDojo users. Only an existing Superuser can add another superuser, or add a Global Role to a user. + +Permissions in DefectDojo Pro have been simplified, to make it easier to assign object access. This feature can be accessed through the [Pro UI](/get_started/about/ui_pro_vs_os/). + +### Opening the Permissions window + +![image](images/pro_permissions.png) + +When looking at Product Type or Product, you can open the Permissions window to set permissions quickly. This menu can be found in a Table by clicking the horizontal dots **"⋮"**. IF looking at an individual **Product** or **Product Type** page, this menu can be found under the blue gear ‘⚙️’. + +## Setting Permissions through the permissions window + +![image](images/pro_permissions_2.png) + +1. At the top of this window, you can choose to manage permissions for an individual user or for a [user group](../create_user_group). +2. Here, you can select a user or group to add to the Product, and select the [Role](../about_perms_and_roles) that you want that user to have. +3. On the lower table, you can see a list of all users or groups who have access to this object. You can also quickly assign a new role for one of these users or groups from the drop-down menu. + +## Setting Configuration Permissions through the User view + +A user's configuration permissions can now be set in a more user-friendly approach. From the Users View, all configuration permissions are displayed in a dropdown, then grouped by the permission type. If the selection of configuration permissions is different from their current value, an “Update Configuration Permissions” button is displayed. When clicked, the user will be asked to confirm they would like to update the permissions for the selected group before an update is made. + +![image](images/pro_user_view.png) diff --git a/docs/content/en/customize_dojo/user_management/set_user_permissions.md b/docs/content/admin/user_management/set_user_permissions.md similarity index 97% rename from docs/content/en/customize_dojo/user_management/set_user_permissions.md rename to docs/content/admin/user_management/set_user_permissions.md index 4c81d381913..538cde02d26 100644 --- a/docs/content/en/customize_dojo/user_management/set_user_permissions.md +++ b/docs/content/admin/user_management/set_user_permissions.md @@ -2,6 +2,7 @@ title: "Set a User's permissions" description: "How to grant Roles & Permissions to a user, as well as superuser status" weight: 2 +audience: opensource --- ## Introduction to Permission Types @@ -42,7 +43,7 @@ By default, the first account created on a new DefectDojo instance will have Sup 4. From the Edit User page: ​ -For Superuser Status, check off the ☑️Superuser Status box, located in the user's Default Information. +For Superuser Status, check off the ☑️ Superuser Status box, located in the user's Default Information. ​ To assign a Global Role, select one from the dropdown Global Role menu at the bottom of the page. ​ @@ -118,7 +119,7 @@ Configuration Permissions are not related to a specific Product or Product Type * **Finding Templates:** Access to the Findings \> Finding Templates page * **Groups**: Access the 👤Users \> Groups page * **Jira Instances:** Access the ⚙️Configuration \> JIRA page -* **Language Types**:Access the [Language Types](/en/open_source/languages/) API endpoint +* **Language Types**:Access the [Language Types](/open_source/languages/) API endpoint * **Login Banner**: Edit the ⚙️Configuration \> Login Banner page * **Announcements**: Access ⚙️Configuration \> Announcements * **Note Types:** Access the ⚙️Configuration \> Note Types page diff --git a/docs/content/en/customize_dojo/user_management/user_permission_chart.md b/docs/content/admin/user_management/user_permission_chart.md similarity index 100% rename from docs/content/en/customize_dojo/user_management/user_permission_chart.md rename to docs/content/admin/user_management/user_permission_chart.md diff --git a/docs/content/en/working_with_findings/_index.md b/docs/content/asset_modelling/_index.md similarity index 74% rename from docs/content/en/working_with_findings/_index.md rename to docs/content/asset_modelling/_index.md index cd8d34e560c..850ae7f8369 100644 --- a/docs/content/en/working_with_findings/_index.md +++ b/docs/content/asset_modelling/_index.md @@ -1,5 +1,5 @@ --- -title: "🚩 Work With Findings" +title: "Organize DefectDojo" date: 2021-02-02T20:46:29+01:00 draft: false type: docs diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/_index.md b/docs/content/asset_modelling/engagements_tests/_index.md similarity index 53% rename from docs/content/en/working_with_findings/organizing_engagements_tests/_index.md rename to docs/content/asset_modelling/engagements_tests/_index.md index d1823bda407..a61b559371c 100644 --- a/docs/content/en/working_with_findings/organizing_engagements_tests/_index.md +++ b/docs/content/asset_modelling/engagements_tests/_index.md @@ -1,10 +1,8 @@ --- -title: "Organizing Data" +title: "Engagements & Tests" date: 2021-02-02T20:46:29+01:00 draft: false -weight: 4 type: docs -sidebar: - collapsed: false +weight: 1 exclude_search: true --- diff --git a/docs/content/en/working_with_findings/sla_configuration.md b/docs/content/asset_modelling/hierarchy/OS__sla_configuration.md similarity index 79% rename from docs/content/en/working_with_findings/sla_configuration.md rename to docs/content/asset_modelling/hierarchy/OS__sla_configuration.md index 3a9bc1e0781..5dc7957adb5 100644 --- a/docs/content/en/working_with_findings/sla_configuration.md +++ b/docs/content/asset_modelling/hierarchy/OS__sla_configuration.md @@ -2,11 +2,12 @@ title: "SLA Configuration" description: "Configure Service Level Agreements for different Products" weight: 2 +audience: opensource --- Each Product in DefectDojo can have its own Service Level Agreement (SLA) configuration, which represents the days your organization has to remediate or otherwise manage a Finding. -SLA can be set based on either **[Finding Severity](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/#findings)** or **[Finding Risk](/en/working_with_findings/finding_priority/)** (in DefectDojo Pro). +SLA can be set based on either **[Finding Severity](/asset_modelling/hierarchy/product_hierarchy/#findings)** or **[Finding Risk](/asset_modelling/hierarchy/pro__priority_sla/)** (in DefectDojo Pro). ![image](images/sla_multiple.png) @@ -17,9 +18,9 @@ SLAs apply a countdown of days to a Finding based on the day that the Finding wa You can use SLAs as a way to represent your organizations remediation policies. You can also use them as a way to prioritize the longest-active, most critical Findings in your DefectDojo instance. * You can sort or filter Finding tables by SLA days. -* SLA violations can be configured to trigger [Notifications](/en/customize_dojo/notifications/about_notifications/) to DefectDojo users assigned to the related Product. -* In **DefectDojo Pro**, SLA performance is also tracked on the [Executive Insights and Remediation](/en/customize_dojo/dashboards/pro_dashboards/) Metrics Dashboards. -* SLA compliance can also be used to create custom [Dashboard Tiles](/en/customize_dojo/dashboards/about_custom_dashboard_tiles/#sla-violation-tile) in **DefectDojo Pro**. +* SLA violations can be configured to trigger [Notifications](/admin/notifications/about_notifications/) to DefectDojo users assigned to the related Product. +* In **DefectDojo Pro**, SLA performance is also tracked on the [Executive Insights and Remediation](/metrics_reports/pro_metrics/pro__overview/) Metrics Dashboards. +* SLA compliance can also be used to create custom [Dashboard Tiles](/metrics_reports/dashboards/about_custom_dashboard_tiles/#sla-violation-tile) in **DefectDojo Pro**. ### Mitigated Within SLA status @@ -41,7 +42,7 @@ In DefectDojo Pro, one or more SLA Configurations are managed under the **Config ![image](images/pro_sla_risk.png) -SLA Configurations can only be edited by Superusers or by a user with the corresponding [Configuration Permission](/en/customize_dojo/user_management/user_permission_chart/#configuration-permission-chart). +SLA Configurations can only be edited by Superusers or by a user with the corresponding [Configuration Permission](/admin/user_management/user_permission_chart/#configuration-permission-chart). ### Configuring SLA @@ -71,6 +72,6 @@ Once a new SLA has been selected for a Product, all of the associated Findings' ## Notes on SLAs -* SLAs can be optionally restarted once a [Risk Accepted](/en/working_with_findings/findings_workflows/risk_acceptances/) Finding reactivates. This is set when creating the Risk Acceptance by setting the **Restart SLA Expired** field. +* SLAs can be optionally restarted once a [Risk Accepted](/triage_findings/findings_workflows/risk_acceptances/) Finding reactivates. This is set when creating the Risk Acceptance by setting the **Restart SLA Expired** field. * Reimporting a Finding does not restart the SLA - SLAs are always calculated from when a Finding was first detected unless **Restart SLA on Finding Reactivation** is enabled. * Risk Acceptance expiry or reactivation of a Closed Finding are the only ways to reset or recalculate an SLA for a Finding once it is created (without changing the Product's SLA configuration). diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/source-code-repositories.md b/docs/content/asset_modelling/hierarchy/OS__source-code-repositories.md similarity index 98% rename from docs/content/en/working_with_findings/organizing_engagements_tests/source-code-repositories.md rename to docs/content/asset_modelling/hierarchy/OS__source-code-repositories.md index c1d9766e456..dfd25c66c6b 100644 --- a/docs/content/en/working_with_findings/organizing_engagements_tests/source-code-repositories.md +++ b/docs/content/asset_modelling/hierarchy/OS__source-code-repositories.md @@ -1,8 +1,9 @@ --- title: "Link Findings to source code" -description: "Integration of repositories to navigate to the locaction of findings in the source code." +description: "Integration of repositories to navigate to the location of findings in the source code." draft: false weight: 5 +audience: opensource --- Certain tools (particularly SAST tools) will include the associated file name and line number in vulnerability data. If the repository of the source code is specified in the Engagement, DefectDojo will present the filepath as a link and the user can navigate directly to the location of the vulnerability. diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/pro_assets_organizations.md b/docs/content/asset_modelling/hierarchy/PRO__assets_organizations.md similarity index 94% rename from docs/content/en/working_with_findings/organizing_engagements_tests/pro_assets_organizations.md rename to docs/content/asset_modelling/hierarchy/PRO__assets_organizations.md index 877097c74d1..65c56d584b5 100644 --- a/docs/content/en/working_with_findings/organizing_engagements_tests/pro_assets_organizations.md +++ b/docs/content/asset_modelling/hierarchy/PRO__assets_organizations.md @@ -1,6 +1,8 @@ --- -title: "⚠️ Assets and Organizations (Pro)" +title: "Assets and Organization structure" description: "DefectDojo Pro - Product Hierarchy Overhaul" +audience: pro +weight: 1 --- DefectDojo Pro is extending the Product/Product Type object classes to provide greater flexibility with the data model. @@ -62,7 +64,7 @@ Core Application [Organization] └── nginx ``` -In this diagram, every element under "Core Application" could be recorded as a separate Asset, with unique business criticality (see: [Priority & Risk](/en/working_with_findings/priority_adjustments/)), RBAC, and corresponding Engagements and Tests. You could continue to test, and store results, on the parent Asset (for example, `webapp-backend`), but you could also run isolated testing on a particular child Asset (for example, `database`). +In this diagram, every element under "Core Application" could be recorded as a separate Asset, with unique business criticality (see: [Priority & Risk](/asset_modelling/hierarchy/pro__priority_sla/#prioritization-engines/)), RBAC, and corresponding Engagements and Tests. You could continue to test, and store results, on the parent Asset (for example, `webapp-backend`), but you could also run isolated testing on a particular child Asset (for example, `database`). ### Pen Tests: Isolated RBAC diff --git a/docs/content/asset_modelling/hierarchy/PRO__priority_sla.md b/docs/content/asset_modelling/hierarchy/PRO__priority_sla.md new file mode 100644 index 00000000000..75abb100e54 --- /dev/null +++ b/docs/content/asset_modelling/hierarchy/PRO__priority_sla.md @@ -0,0 +1,264 @@ +--- +title: "Assign Priority, Risk and SLAs" +description: "How DefectDojo ranks your Findings" +weight: 1 +audience: pro +--- + +![image](images/pro_finding_priority.png) + +Effective risk-based vulnerability management requires an approach that considers +both business context and technical exploitability. Using DefectDojo Pro’s Priority and Risk feature, users can automatically sort Findings into a meaningful context, ensuring +high-impact vulnerabilities can be addressed first. + +**Priority** is a calculated numerical rank applied to all Findings in your DefectDojo +instance. It allows you to quickly understand vulnerabilities in context, especially within +large organizations that are overseeing security needs for many Findings and/or +Products. + +**Risk** is a 4-level ranking system which factors in a Finding’s exploitability to a greater +degree. This is meant as a less granular, more ’executive-level’ version of Priority. + +![image](images/pro_risk_example.png) + +Priority and Risk values can be used with other filters to compare Findings in any context, such as: + +* within a single Product, Engagement or Test +* globally in all DefectDojo Products +* between a few specific Products + +Applying Finding Priority and Risk helps your team respond to the most relevant +vulnerabilities in your organization, and also provides a framework to assist in +compliance with regulatory standards. + + +Learn more about Priority and Risk with DefectDojo Inc's May 2025 Office Hours: + + + +## How Priority & Risk are calculated +The range of Priority values is from 0 to 1150. The higher the number, the more urgency +the Finding is to triage or remediate. + +Similar to Severity, Risk is scored from Low -> Medium -> Needs Action -> Urgent. **Risk** considers Priority fields and may be different from a tool's reported Severity as a result. + +![image](images/priority-overview.png) + +## Priority Fields: Product-Level + +Each Product in DefectDojo has metadata that tracks business criticality and risk +factors. This metadata is used to help calculate Priority and Risk for any associated +Findings. + +All of these metadata fields can be set on the **Edit Product** form for a given Product. + +![image](images/priority_edit_product.png) + +* **Criticality** can be set to any value of None, Very Low, Low, Medium, High, or Very +High. Criticality is a subjective field, so when assigning this field, consider how the +Product compares to other Products in your organization. +* **User Records** is a numerical estimation of user records in a database (or a system +that can access that database). +* **Revenue** is a numerical estimation of annual revenue for the Product. To calculate Priority, DefectDojo will calculate a percentage by comparing this Product's revenue to the sum of all Products within the Product Type. + +It is not possible to set a currency type in DefectDojo, so make sure that all of your Revenue +estimations have the same currency denomination. (“50000” could mean $50,000 +US Dollars or ¥50,000 Japanese Yen - the denomination does not matter as long as +all of your Products have revenue calculated in the same currency). +* **External Audience** is a true/false value - set this to True if this Product can be +accessed by an external audience. For example, customers, users, or anyone +outside of your organization. +* **Internet Accessible** is a true/false value. If this Product can connect to the open +internet, you should set this value to True. + +Priority is a ‘relative’ calculation, which is meant to compare different Products within +your DefectDojo instance. It is ultimately up to your organization to decide how these +filters are set. These values should be as accurate as possible, but the primary goal is +to highlight your key Products so that you can prioritize vulnerabilities according to your +organization’s policies, so these fields do not necessarily need to be set perfectly. + +## Priority Fields: Finding-Level + +Findings within a Product can have additional metadata which can further adjust the Finding’s Priority and Risk level: + +* Whether or not the Finding has an EPSS score, this is automatically added to Findings and kept up to date for Pro users +* How many Endpoints in the Product are affected by this Finding +* Whether or not a Finding is Under Review +* Whether the Finding is in the KEV (Known Exploited Vulnerabilities) database, which is checked by DefectDojo on a regular basis +* The tool-reported Severity of a Finding (Info, Low, Medium, High, Critical) + + +## Finding Risk Calculation + +![image](images/risk_table.png) + +The Risk column on a Findings table is another way to quickly prioritize Findings. Risk is calculated using a Finding's Priority level, but also factors in a Finding's exploitability to a greater degree. This is meant as a less granular, more 'executive-level' version of Priority. + +The four assignable Risk levels are: + +![image](images/pro_risk_levels.png) + +A Finding's EPSS / exploitability is much more emphasized in the Risk calculation. As a result, a Finding can have both a high priority and a low risk value. + +As with Finding Priority, the Risk calculation cannot currently be adjusted. + +## Priority Insights Dashboard + +Users can take an executive-level view of Priority and Risk in their environment using +the Priority Insights Dashboard (Metrics > Priority Insights in the sidebar) + +![image](images/priority_dashboard.png) + +This dashboard can be filtered to include specific Products or date ranges. As with +other Pro dashboards, this dashboard can be exported from DefectDojo as a PDF to +quickly produce a report. + +## Setting Priority & Risk for Regulatory Compliance + +This is a non-exhaustive list of regulatory standards that specifically require +vulnerability prioritization methods: + +* [SOX (Sarbanes-Oxley Act](https://www.sarbanes-oxley-act.com/)) compliance requires revenue-based prioritization for +systems impacting financial data. In DefectDojo, a system’s revenue can be entered +at the Product level. +* [PCI DSS](https://www.pcisecuritystandards.org/standards/pci-dss/) compliance requires prioritization based on risk ratings and criticality to +cardholder data environments. Business Criticality and External Audience can be +set at the Product level, while DefectDojo’s Finding-level EPSS sync supports PCI’s +risk-based approach. +* [NIST SP 800-40](https://csrc.nist.gov/pubs/sp/800/40/r4/final) is a preventative maintenance guide which specifically calls for +vulnerability prioritization based on business impact, product criticality and +internet accessibility factors. All of these can be set at DefectDojo’s Product level. +* [ISO 27001/27002](https://www.iso.org/standard/27001) Control A.12.6.1 compliance requires management of technical +vulnerabilities with Priority based on risk assessment. +* [GDPR Article 32](https://gdpr-info.eu/art-32-gdpr/) requires risk-based security measures - user records and external +audience flags at the Product level can help prioritize systems in your organization +that process personal data. +* [FISMA/FedRAMP](https://help.fedramp.gov/hc/en-us) compliance require continuous monitoring and risk-based vulnerability remediation. + +DefectDojo Pro's Priority and Risk calculations can be adjusted, allowing you to tailor DefectDojo Pro to match your internal standards for Finding Priority and Risk. + +## Prioritization Engines + +Similar to SLA configurations, Prioritization Engines allow you to set the rules governing how Priority and Risk are calculated. + +![image](images/priority_default.png) + +DefectDojo comes with a built-in Prioritization Engine, which is applied to all Products. However, you can edit this Prioritization Engine to change the weighting of **Finding** and **Product** multipliers, which will adjust how Finding Priority and Risk are assigned. + +### Finding Multipliers + +Eight contextual factors impact the Priority score of a Finding. Three of these are Finding-specific, and the other five are assigned based on the Product that holds the Finding. + +You can tune your Prioritization Engine by adjusting how these factors are applied to the final calculation. + +![image](images/priority_sliders.png) + +Select a factor by clicking the button, and adjust this slider allows you to control the percentage a particular factor is applied. As you adjust the slider, you'll see the Risk thresholds change as a result. + +#### Finding-Level Multipliers + +* **Severity** - a Finding's Severity level +* **Exploitability** - a Finding's KEV and/or EPSS score +* **Endpoints** - the amount of Endpoints associated with a Finding + +#### Product-Level Multipliers + +* **Business Criticality** - the related Product's Business Criticality (None, Very Low, Low, Medium, High, or Very +High) +* **User Records** - the related Product's User Records count +* **Revenue** - the related Product's revenue, relative to the total revenue of the Product Type +* **External Audience** - whether or not the related Product has an external audience +* **Internet Accessible** - whether or not the related Product is internet accessible + +### Risk Thresholds + +Based on the tuning of the Priority Engine, DefectDojo will automatically recommend Risk Thresholds. However, these thresholds can be adjusted as well and set to whatever values you deem appropriate. + +![image](images/risk_threshold.png) + +## Creating New Prioritization Engines + +You can use multiple Prioritization Engines, which can each be assigned to different Products. + +![image](images/priority_engine_new.png) + +Creating a new Prioritization Engine will open the Prioritization Engine form. Once this form is submitted, a new Prioritization Engine will be added to the table. + +## Assigning Prioritization Engines to Products + +Each Product can have a Prioritization Engine currently in use via the **Edit Product** form for a given Product. + +![image](images/priority_chooseengine.png) + +Note that when a Product's Prioritization Engine is changed, or a Prioritization Engine is updated, the Product's Prioritization Engine or the Prioritization Engine itself will be "Locked" until the prioritization calculation has completed. + +Each Product in DefectDojo can have its own Service Level Agreement (SLA) configuration, which represents the days your organization has to remediate or otherwise manage a Finding. + +SLA can be set based on either **[Finding Severity](/asset_modelling/hierarchy/product_hierarchy/#findings)** or **[Finding Risk](/asset_modelling/hierarchy/pro__priority_sla/)** (in DefectDojo Pro). + +![image](images/sla_multiple.png) + +SLAs apply a countdown of days to a Finding based on the day that the Finding was created in DefectDojo. If a Finding is not Closed within the countdown, the Finding will be labeled as in breach of SLA. + +## Working with SLAs + +You can use SLAs as a way to represent your organizations remediation policies. You can also use them as a way to prioritize the longest-active, most critical Findings in your DefectDojo instance. + +* You can sort or filter Finding tables by SLA days. +* SLA violations can be configured to trigger [Notifications](/admin/notifications/about_notifications/) to DefectDojo users assigned to the related Product. +* In **DefectDojo Pro**, SLA performance is also tracked on the [Executive Insights and Remediation](/metrics_reports/pro_metrics/pro__overview/) Metrics Dashboards. +* SLA compliance can also be used to create custom [Dashboard Tiles](/metrics_reports/dashboards/about_custom_dashboard_tiles/#sla-violation-tile) in **DefectDojo Pro**. + +### Mitigated Within SLA status + +If a Finding is successfully Mitigated by the SLA deadline, the Finding will record a ✅ green check mark in the Mitigated Within SLA column. + +![image](images/sla_mitigated_within.png) + +If a Finding was Mitigated, but not before the SLA was violated, the Finding will record a ❌ red X in the Mitigated Within SLA column. + +### Breaching SLAs + +When an SLA for a given Finding is violated (the Finding is not Closed within the SLA timeline) the ✅ green check will switch to a ❌ red X. The SLA will continue to be tracked with a negative number, to represent how many days the SLA has been breached by. + +![image](images/sla_breached.png) + +## Managing SLA Configurations (Pro) + +In DefectDojo Pro, one or more SLA Configurations are managed under the **Configuration > Service Level Agreements** part of the sidebar. You can create a **New Service Level Agreement** or work with existing SLA configurations from the **All Service Level Agreements** page. + +![image](images/pro_sla_risk.png) + +SLA Configurations can only be edited by Superusers or by a user with the corresponding [Configuration Permission](/admin/user_management/user_permission_chart/#configuration-permission-chart). + +### Configuring SLA + +SLA configurations contain the days assigned to each **Severity** or **Risk** value of DefectDojo. + +![image](images/pro_new_sla.png) + +Each Service Level Agreement can have a unique name, along with an optional description. + +**Restart SLA on Finding Reactivation**: if enabled, this option will start an SLA over when a Finding is Reopened. Otherwise, the SLA will be based on when the Finding was created. + +When editing an SLA, you can choose whether that SLA will use **Severity** or **Risk** as a benchmark for assigning Days To Remediate. This is done by selecting the related option from the **Service Level configuration Type** section of the form. + +From here, you can set the number of days allowed for each **Severity** or **Risk** level. You can also selectively enforce SLAs; by unchecking the **Enforce ___ Finding Days** you can ignore SLA calculation for those levels of Severity or Risk. + +## Apply an SLA Configuration to a Product (Pro) + +Newly created Products in DefectDojo will always apply the **Default SLA Configuration**, which can be set to different values if you wish. + +If you have SLA configurations, you can choose which of these is applied to your Product from the **Edit Product** form. + +![image](images/pro_sla_product.png) + +### SLA Recalculation + +Once a new SLA has been selected for a Product, all of the associated Findings' SLAs will need to be recalculated by DefectDojo. While this process is running, a Product's SLA cannot be changed. + +## Notes on SLAs + +* SLAs can be optionally restarted once a [Risk Accepted](/triage_findings/findings_workflows/risk_acceptances/) Finding reactivates. This is set when creating the Risk Acceptance by setting the **Restart SLA Expired** field. +* Reimporting a Finding does not restart the SLA - SLAs are always calculated from when a Finding was first detected unless **Restart SLA on Finding Reactivation** is enabled. +* Risk Acceptance expiry or reactivation of a Closed Finding are the only ways to reset or recalculate an SLA for a Finding once it is created (without changing the Product's SLA configuration). diff --git a/docs/content/en/working_with_findings/finding_deduplication/_index.md b/docs/content/asset_modelling/hierarchy/_index.md similarity index 63% rename from docs/content/en/working_with_findings/finding_deduplication/_index.md rename to docs/content/asset_modelling/hierarchy/_index.md index 4a35b777b6a..8a33bb5eda6 100644 --- a/docs/content/en/working_with_findings/finding_deduplication/_index.md +++ b/docs/content/asset_modelling/hierarchy/_index.md @@ -1,10 +1,10 @@ --- -title: "Finding Deduplication" +title: "Asset Hierarchy" date: 2021-02-02T20:46:29+01:00 draft: false type: docs weight: 3 sidebar: - collapsed: true + collapsed: false exclude_search: true --- diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/product_health_grade.md b/docs/content/asset_modelling/hierarchy/product_health_grade.md similarity index 100% rename from docs/content/en/working_with_findings/organizing_engagements_tests/product_health_grade.md rename to docs/content/asset_modelling/hierarchy/product_health_grade.md diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md b/docs/content/asset_modelling/hierarchy/product_hierarchy.md similarity index 99% rename from docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md rename to docs/content/asset_modelling/hierarchy/product_hierarchy.md index 093ba1d90e0..77458d98df1 100644 --- a/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md +++ b/docs/content/asset_modelling/hierarchy/product_hierarchy.md @@ -2,6 +2,7 @@ title: "Product Hierarchy: Overview" description: "Understand Product Types, Products, Engagements, Tests and Findings" weight: 1 +audience: opensource --- DefectDojo uses five main data classes to organize your work: **Product Types, Products**, **Engagements**, **Tests**, and **Findings**. diff --git a/docs/content/asset_modelling/tags/OS__tagging_objects.md b/docs/content/asset_modelling/tags/OS__tagging_objects.md new file mode 100644 index 00000000000..e9f5f7fcfb3 --- /dev/null +++ b/docs/content/asset_modelling/tags/OS__tagging_objects.md @@ -0,0 +1,149 @@ +--- +title: "Tagging Objects" +description: "Use Tags to create a new slice of your data model" +draft: false +weight: 2 +exclude_search: false +audience: opensource +--- + +Tags are ideal for grouping objects in a manner that can be filtered out into smaller, more digestible chunks. They can be used to denote status, or to create custom sets of Product Type, Products, Engagements or Findings across the data model. + +In DefectDojo, tags are a first class citizen and are recognized as the facilitators +of organization within each level of the data model. + +Here is an example with a Product with two tags and four findings each with a single tag: + +![High level example of usage with tags](images/tags-high-level-example.png) + +### Tag Formats + +Tags can be formatted in any of the following ways: +- StringWithNoSpaces +- string-with-hyphens +- string_with_underscores +- colons:acceptable + +## Tag Management + +### Adding and Removing + +Tags can be managed in the following ways: + +1. Creating or Editing new objects + + When a new object is created or edited through the UI or API, there is a field for specifying + the tags to be set on a given object. This field is a multiselect field that also has + auto completion to make searching and adding existing tags a breeze. Here is what the field + looks like on the Product from the screenshot in the previous section: + + ![Tag management on an object](images/tags-management-on-object.png) + +2. Import and Reimport + + Tags can also be applied to a given test at the time of import or reimport. This is a very + handy use case when importing via the API with automation as it provides an opportunity to + append automation run details and tool information that may not be captured in the test + or finding object directly. + + The field looks and behaves exactly as it does on a given object + +3. Bulk Edit Menu (Findings only) + + When needing to update many Findings with the same set of tags, the bulk edit menu can be + used to ease the burden. + + In the following example, lets say I want to update the tags of the two findings with the tag "tag-group-alpha" to be a new tag list like this ["tag-group-charlie", "tag-group-delta"]. + First I would select the tags to be updated: + + ![Select findings for bulk edit tag update](images/tags-select-findings-for-bulk-edit.png) + + Once a finding is selected, a new button appears with the name "Bulk Edit". Clicking this button + produces a dropdown menu with many options, but the focus is just on tags for now. Update the + field to have the desired tag list as follows, and click submit + + ![Apply changes for bulk edit tag update](images/tags-bulk-edit-submit.png) + + The tags on the selected Findings will be updated to whatever was specified in the tags field + within the bulk edit menu + + ![Completed bulk edit tag update](images/tags-bulk-edit-complete.png) + +## Tag Inheritance + +When Tag Inheritance is enabled, tags applied to a given Product will automatically be applied to all objects under Products in the [Product Hierarchy](/asset_modelling/hierarchy/product_hierarchy/). + +### Configuration + +Tag Inheritance can be enabled at the following scope levels: +- Global Scope + - Every Product system wide will begin applying tags to all children objects (Engagements, Tests and Findings) + - This is set within the System Settings +- Product Scope + - Only the selected Product will begin applying tags to all children objects (Engagements, Tests and Findings) + - This is set at the Product creation/edit page + +### Behaviors + +When Tag Inheritance is enabled, standard Tags can be added to and removed from objects in the standard way. +However inherited tags cannot be removed from a child object without removing them from the parent object +See the following example of adding a tag "test_only_tag" to the Test object and a tag "engagement_only_tag" to the Engagement. + +![Example of inherited tags](images/tags-inherit-exmaple.png) + +When updates are made to the tag list on a Product, the same changes are made to all objects within the Product asynchronously. The duration of this task directly correlates to the number the objects contained within a finding. + +**Open-Source:** If Tag changes are not observed within a reasonable time period, consult the celery worker logs to identify where any problems might have arisen. + + +### Filtering for Tags (Classic UI) + +Tags can be filtered in many ways through both the UI and the API. For example, here is a snippet +of the Finding filters: + +![Snippet of the finding filters](images/tags-finding-filter-snippet.png) + +There are ten fields related to tags: + + - Tags: filter on any tags that are attached to a given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "B" + - Finding Will *not* be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "F" + - Not Tags: filter on any tags that are *not* attached to a given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "F" + - Finding Will *not* be returned + - Finding Tags: ["A", "B", "C"] + - Filter Query: "B" + - Tag Name Contains: filter on any tags that contain part or all of the query in the given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "et" (part of "Beta") + - Finding Will *not* be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "meg" (part of "Omega") + - Not Tags: filter on any tags that do *not* contain part or all of the query in the given Finding + - Examples: + - Finding will be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "meg" (part of "Omega") + - Finding Will *not* be returned + - Finding Tags: ["Alpha", "Beta", "Charlie"] + - Filter Query: "et" (part of "Beta") + +For the other six tag filters, they follow the same rules as "Tags" and "Not Tags" as above, +but at different levels in the data model: + + - Tags (Test): filter on any tags that are attached to the Test of a given Finding + - Not Tags (Test): filter on any tags that are *not* attached to the Test of a given Finding + - Tags (Engagement): filter on any tags that are attached to the Engagement of a given Finding + - Not Tags (Engagement): filter on any tags that are *not* attached to the Engagement of a given Finding + - Tags (Product): filter on any tags that are attached to the Product of a given Finding + - Not Tags (Product): filter on any tags that are *not* attached to the Product of a given Finding diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/tagging_objects.md b/docs/content/asset_modelling/tags/PRO__tagging_objects copy.md similarity index 95% rename from docs/content/en/working_with_findings/organizing_engagements_tests/tagging_objects.md rename to docs/content/asset_modelling/tags/PRO__tagging_objects copy.md index d551f07de0b..cc729ee5141 100644 --- a/docs/content/en/working_with_findings/organizing_engagements_tests/tagging_objects.md +++ b/docs/content/asset_modelling/tags/PRO__tagging_objects copy.md @@ -1,15 +1,16 @@ --- -title: "Tags" +title: "Tagging Objects" description: "Use Tags to create a new slice of your data model" draft: false weight: 2 exclude_search: false +audience: pro --- Tags are ideal for grouping objects in a manner that can be filtered out into smaller, more digestible chunks. They can be used to denote status, or to create custom sets of Product Type, Products, Engagements or Findings across the data model. In DefectDojo, tags are a first class citizen and are recognized as the facilitators -of organization within each level of the [data model](../product_hierarchy). +of organization within each level of the data model. Here is an example with a Product with two tags and four findings each with a single tag: @@ -48,8 +49,6 @@ Tags can be managed in the following ways: ![bulk editing findings](images/Bulk_Editing_Findings.png) - For more information, see our guide to [Bulk Editing Findings](/en/working_with_findings/findings_workflows/editing_findings/#bulk-edit-findings). - ## Tag Management (Classic UI / OpenSource) @@ -100,7 +99,7 @@ Tags can be managed in the following ways: **Pro UI note: though Tag inheritance can be configured using the Pro UI, inherited Tags currently can only be accessed and filtered for through the Classic UI or the API.** -When Tag Inheritance is enabled, tags applied to a given Product will automatically be applied to all objects under Products in the [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/Product_hierarchy). +When Tag Inheritance is enabled, tags applied to a given Product will automatically be applied to all objects under Products in the [Product Hierarchy](/asset_modelling/hierarchy/product_hierarchy/). ### Configuration diff --git a/docs/content/asset_modelling/tags/_index.md b/docs/content/asset_modelling/tags/_index.md new file mode 100644 index 00000000000..9e85b155376 --- /dev/null +++ b/docs/content/asset_modelling/tags/_index.md @@ -0,0 +1,8 @@ +--- +title: "Tags" +date: 2021-02-02T20:46:29+01:00 +draft: false +type: docs +weight: 1 +exclude_search: true +--- diff --git a/docs/content/en/changelog/_index.md b/docs/content/automation/api/_index.md similarity index 93% rename from docs/content/en/changelog/_index.md rename to docs/content/automation/api/_index.md index e0913288e2e..c415210e8d4 100644 --- a/docs/content/en/changelog/_index.md +++ b/docs/content/automation/api/_index.md @@ -1,5 +1,5 @@ --- -title: "📝 Changelog" +title: "Automation" description: "" summary: "" date: 2023-09-07T16:06:50+02:00 diff --git a/docs/content/en/api/api-v2-docs.md b/docs/content/automation/api/api-v2-docs.md similarity index 96% rename from docs/content/en/api/api-v2-docs.md rename to docs/content/automation/api/api-v2-docs.md index 819138bf43a..df8ba8b6d70 100644 --- a/docs/content/en/api/api-v2-docs.md +++ b/docs/content/automation/api/api-v2-docs.md @@ -188,7 +188,7 @@ Some of the api wrappers contain quite a bit of logic to ease scanning and impor ## Import Importing via the API is performed via the [import-scan](https://demo.defectdojo.org/api/v2/doc/) endpoint. -As described in the [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy), Test gets created inside an Engagement, inside a Product, inside a Product Type. +As described in the [Product Hierarchy](/asset_modelling/hierarchy/product_hierarchy/), Test gets created inside an Engagement, inside a Product, inside a Product Type. An import can be performed by specifying the names of these entities in the API request: @@ -207,7 +207,7 @@ An import can be performed by specifying the names of these entities in the API } ``` -When `auto_create_context` is `True`, the product, engagement, and environment will be created if needed. Make sure your user has sufficient [permissions](/en/customize_dojo/user_management/about_perms_and_roles/) to do this. +When `auto_create_context` is `True`, the product, engagement, and environment will be created if needed. Make sure your user has sufficient [permissions](/admin/user_management/about_perms_and_roles/) to do this. A classic way of importing a scan is by specifying the ID of the engagement instead: @@ -243,7 +243,7 @@ A reimport can be performed by specifying the names of these entities in the API } ``` -When `auto_create_context` is `True`, the Product Type, Product and Engagement will be created if they do not already exist. Make sure your user has sufficient [permissions](/en/customize_dojo/user_management/about_perms_and_roles/) to create a Product/Product Type. +When `auto_create_context` is `True`, the Product Type, Product and Engagement will be created if they do not already exist. Make sure your user has sufficient [permissions](/admin/user_management/about_perms_and_roles/) to create a Product/Product Type. When `do_not_reactivate` is `True`, the importing/reimporting will ignore uploaded active findings and not reactivate previously closed findings, while still creating new findings if there are new ones. You will get a note on the finding to explain that it was not reactivated for that reason. diff --git a/docs/content/en/api/_index.md b/docs/content/automation/rules_engine/_index.md similarity index 91% rename from docs/content/en/api/_index.md rename to docs/content/automation/rules_engine/_index.md index c49a452ad0b..25a5b4b104f 100644 --- a/docs/content/en/api/_index.md +++ b/docs/content/automation/rules_engine/_index.md @@ -1,5 +1,5 @@ --- -title: "🤖 API Documentation" +title: "Rules Engine" description: "" summary: "" date: 2023-09-07T16:06:50+02:00 diff --git a/docs/content/en/customize_dojo/rules_engine.md b/docs/content/automation/rules_engine/about.md similarity index 91% rename from docs/content/en/customize_dojo/rules_engine.md rename to docs/content/automation/rules_engine/about.md index 22f156dd56c..86700c3853c 100644 --- a/docs/content/en/customize_dojo/rules_engine.md +++ b/docs/content/automation/rules_engine/about.md @@ -2,13 +2,14 @@ title: "Rules Engine Automation" description: "Working with Rules Engine Automation" weight: 1 +audience: pro --- Note: Rules Engine is a DefectDojo Pro-only feature. DefectDojo's Rules Engine allows you to build custom workflows and bulk actions to handle Findings and other objects. Rules Engine allows you to build automated actions that are triggered when an object matches a Rule. -Rules Engine can only be accessed through the [Pro UI](/en/about_defectdojo/ui_pro_vs_os/). +Rules Engine can only be accessed through the [Pro UI](/get_started/about/ui_pro_vs_os/). Currently, Rules can only be created for Findings, however more object types will be supported in the future. @@ -25,10 +26,10 @@ Each Rule can apply one or more of these changes to a Finding when it is trigger * Create an Alert in DefectDojo with custom text ### Filter conditions -Rules are automatically triggered when a Finding meets specific Filter conditions. For more information on Filters that can be used to create Rule Actions, see the [Filter Index](/en/working_with_findings/organizing_engagements_tests/filter_index/) page. +Rules are automatically triggered when a Finding meets specific Filter conditions. For more information on Filters that can be used to create Rule Actions, see the [Filter Index](/navigation/pro__filter_index) page. ## Creating a New Rule -Start this process from the New Rule page. In the [Pro UI](/en/about_defectdojo/ui_pro_vs_os/), under **Manage Category**, Expand the **Rules Engine** dropdown and click **+ New Rule**. +Start this process from the New Rule page. In the [Pro UI](/get_started/about/ui_pro_vs_os/), under **Manage Category**, Expand the **Rules Engine** dropdown and click **+ New Rule**. ![image](images/rules_engine_1.png) @@ -38,7 +39,7 @@ Enter a Label as the identifier for the new rule, and click Next. ![image](images/rules_engine_2.png) ### Step 2: Set trigger conditions with a Filter -You will see an All Findings table. Using the All Findings Table, set the Filter conditions to filter the set of Findings that you want your rule to apply to. For more information on applying Filters to a table, see [our guide to the Pro UI](/en/about_defectdojo/ui_pro_vs_os/#navigational-changes). +You will see an All Findings table. Using the All Findings Table, set the Filter conditions to filter the set of Findings that you want your rule to apply to. For more information on applying Filters to a table, see [our guide to the Pro UI](/get_started/about/ui_pro_vs_os/#navigational-changes). The table will preview the list of existing Findings that you have filtered. diff --git a/docs/content/en/open_source/upgrading/1.10.md b/docs/content/changelog/os_upgrading/1.10.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.10.md rename to docs/content/changelog/os_upgrading/1.10.md diff --git a/docs/content/en/open_source/upgrading/1.11.md b/docs/content/changelog/os_upgrading/1.11.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.11.md rename to docs/content/changelog/os_upgrading/1.11.md diff --git a/docs/content/en/open_source/upgrading/1.12.md b/docs/content/changelog/os_upgrading/1.12.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.12.md rename to docs/content/changelog/os_upgrading/1.12.md diff --git a/docs/content/en/open_source/upgrading/1.13.md b/docs/content/changelog/os_upgrading/1.13.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.13.md rename to docs/content/changelog/os_upgrading/1.13.md diff --git a/docs/content/en/open_source/upgrading/1.14.md b/docs/content/changelog/os_upgrading/1.14.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.14.md rename to docs/content/changelog/os_upgrading/1.14.md diff --git a/docs/content/en/open_source/upgrading/1.15.md b/docs/content/changelog/os_upgrading/1.15.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.15.md rename to docs/content/changelog/os_upgrading/1.15.md diff --git a/docs/content/en/open_source/upgrading/1.2.2.md b/docs/content/changelog/os_upgrading/1.2.2.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.2.2.md rename to docs/content/changelog/os_upgrading/1.2.2.md diff --git a/docs/content/en/open_source/upgrading/1.2.3.md b/docs/content/changelog/os_upgrading/1.2.3.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.2.3.md rename to docs/content/changelog/os_upgrading/1.2.3.md diff --git a/docs/content/en/open_source/upgrading/1.2.4.md b/docs/content/changelog/os_upgrading/1.2.4.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.2.4.md rename to docs/content/changelog/os_upgrading/1.2.4.md diff --git a/docs/content/en/open_source/upgrading/1.2.8.md b/docs/content/changelog/os_upgrading/1.2.8.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.2.8.md rename to docs/content/changelog/os_upgrading/1.2.8.md diff --git a/docs/content/en/open_source/upgrading/1.2.9.md b/docs/content/changelog/os_upgrading/1.2.9.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.2.9.md rename to docs/content/changelog/os_upgrading/1.2.9.md diff --git a/docs/content/en/open_source/upgrading/1.3.1.md b/docs/content/changelog/os_upgrading/1.3.1.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.3.1.md rename to docs/content/changelog/os_upgrading/1.3.1.md diff --git a/docs/content/en/open_source/upgrading/1.7.0.md b/docs/content/changelog/os_upgrading/1.7.0.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.7.0.md rename to docs/content/changelog/os_upgrading/1.7.0.md diff --git a/docs/content/en/open_source/upgrading/1.8.0.md b/docs/content/changelog/os_upgrading/1.8.0.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.8.0.md rename to docs/content/changelog/os_upgrading/1.8.0.md diff --git a/docs/content/en/open_source/upgrading/1.9.3.md b/docs/content/changelog/os_upgrading/1.9.3.md similarity index 100% rename from docs/content/en/open_source/upgrading/1.9.3.md rename to docs/content/changelog/os_upgrading/1.9.3.md diff --git a/docs/content/en/open_source/upgrading/2.0.md b/docs/content/changelog/os_upgrading/2.0.md similarity index 96% rename from docs/content/en/open_source/upgrading/2.0.md rename to docs/content/changelog/os_upgrading/2.0.md index f9fe4e44c59..788ee81d1b1 100644 --- a/docs/content/en/open_source/upgrading/2.0.md +++ b/docs/content/changelog/os_upgrading/2.0.md @@ -54,7 +54,7 @@ This can take a while depending on your instance size. ### Authorization -The new authorization system for Products and Product Types based on roles is the default now. The fields for authorized users are not available anymore, but you can assign roles as described in [Permissions](/en/customize_dojo/user_management/about_perms_and_roles). Users are migrated automatically, so that their permissions are as close as possible to the previous authorization: +The new authorization system for Products and Product Types based on roles is the default now. The fields for authorized users are not available anymore, but you can assign roles as described in [Permissions](/admin/user_management/about_perms_and_roles/). Users are migrated automatically, so that their permissions are as close as possible to the previous authorization: - Superusers will still have all permissions on Products and Product Types, so they must not be changed. - Staff users have had all permissions for all product types and products, so they will be get a global role as *Owner*. - Product_Members and Product Type_Members will be added for authorized users according to the settings for the previous authorization: diff --git a/docs/content/en/open_source/upgrading/2.10.md b/docs/content/changelog/os_upgrading/2.10.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.10.md rename to docs/content/changelog/os_upgrading/2.10.md diff --git a/docs/content/en/open_source/upgrading/2.12.md b/docs/content/changelog/os_upgrading/2.12.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.12.md rename to docs/content/changelog/os_upgrading/2.12.md diff --git a/docs/content/en/open_source/upgrading/2.13.md b/docs/content/changelog/os_upgrading/2.13.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.13.md rename to docs/content/changelog/os_upgrading/2.13.md diff --git a/docs/content/en/open_source/upgrading/2.15.md b/docs/content/changelog/os_upgrading/2.15.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.15.md rename to docs/content/changelog/os_upgrading/2.15.md diff --git a/docs/content/en/open_source/upgrading/2.16.md b/docs/content/changelog/os_upgrading/2.16.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.16.md rename to docs/content/changelog/os_upgrading/2.16.md diff --git a/docs/content/en/open_source/upgrading/2.17.md b/docs/content/changelog/os_upgrading/2.17.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.17.md rename to docs/content/changelog/os_upgrading/2.17.md diff --git a/docs/content/en/open_source/upgrading/2.18.md b/docs/content/changelog/os_upgrading/2.18.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.18.md rename to docs/content/changelog/os_upgrading/2.18.md diff --git a/docs/content/en/open_source/upgrading/2.19.md b/docs/content/changelog/os_upgrading/2.19.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.19.md rename to docs/content/changelog/os_upgrading/2.19.md diff --git a/docs/content/en/open_source/upgrading/2.2.md b/docs/content/changelog/os_upgrading/2.2.md similarity index 90% rename from docs/content/en/open_source/upgrading/2.2.md rename to docs/content/changelog/os_upgrading/2.2.md index d0785c9dc01..f7b1a9ea3c8 100644 --- a/docs/content/en/open_source/upgrading/2.2.md +++ b/docs/content/changelog/os_upgrading/2.2.md @@ -8,5 +8,5 @@ exclude_search: true Upgrade to 2.0.0 contained migration of endpoints. Some parts of migration haven't been done properly. This deficiency may manifest as a doubled slash in endpoint URLs (like `http://foo.bar:8080//test`) or as a problem with deduplication of the same endpoints. The mentioned bug was fixed in 2.2.0 and if you have seen these kinds of problems, just rerun -"Endpoint migration" as it is written in [Upgrading to DefectDojo Version 2.0.x.](/en/open_source/upgrading/2.0/#endpoints). +"Endpoint migration" as it is written in [Upgrading to DefectDojo Version 2.0.x.](/open_source/upgrading/2.0/#endpoints). diff --git a/docs/content/en/open_source/upgrading/2.20.md b/docs/content/changelog/os_upgrading/2.20.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.20.md rename to docs/content/changelog/os_upgrading/2.20.md diff --git a/docs/content/en/open_source/upgrading/2.21.md b/docs/content/changelog/os_upgrading/2.21.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.21.md rename to docs/content/changelog/os_upgrading/2.21.md diff --git a/docs/content/en/open_source/upgrading/2.22.md b/docs/content/changelog/os_upgrading/2.22.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.22.md rename to docs/content/changelog/os_upgrading/2.22.md diff --git a/docs/content/en/open_source/upgrading/2.23.md b/docs/content/changelog/os_upgrading/2.23.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.23.md rename to docs/content/changelog/os_upgrading/2.23.md diff --git a/docs/content/en/open_source/upgrading/2.24.md b/docs/content/changelog/os_upgrading/2.24.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.24.md rename to docs/content/changelog/os_upgrading/2.24.md diff --git a/docs/content/en/open_source/upgrading/2.25.md b/docs/content/changelog/os_upgrading/2.25.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.25.md rename to docs/content/changelog/os_upgrading/2.25.md diff --git a/docs/content/en/open_source/upgrading/2.26.md b/docs/content/changelog/os_upgrading/2.26.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.26.md rename to docs/content/changelog/os_upgrading/2.26.md diff --git a/docs/content/en/open_source/upgrading/2.27.md b/docs/content/changelog/os_upgrading/2.27.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.27.md rename to docs/content/changelog/os_upgrading/2.27.md diff --git a/docs/content/en/open_source/upgrading/2.28.md b/docs/content/changelog/os_upgrading/2.28.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.28.md rename to docs/content/changelog/os_upgrading/2.28.md diff --git a/docs/content/en/open_source/upgrading/2.29.md b/docs/content/changelog/os_upgrading/2.29.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.29.md rename to docs/content/changelog/os_upgrading/2.29.md diff --git a/docs/content/en/open_source/upgrading/2.3.md b/docs/content/changelog/os_upgrading/2.3.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.3.md rename to docs/content/changelog/os_upgrading/2.3.md diff --git a/docs/content/en/open_source/upgrading/2.30.md b/docs/content/changelog/os_upgrading/2.30.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.30.md rename to docs/content/changelog/os_upgrading/2.30.md diff --git a/docs/content/en/open_source/upgrading/2.31.md b/docs/content/changelog/os_upgrading/2.31.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.31.md rename to docs/content/changelog/os_upgrading/2.31.md diff --git a/docs/content/en/open_source/upgrading/2.32.md b/docs/content/changelog/os_upgrading/2.32.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.32.md rename to docs/content/changelog/os_upgrading/2.32.md diff --git a/docs/content/en/open_source/upgrading/2.33.md b/docs/content/changelog/os_upgrading/2.33.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.33.md rename to docs/content/changelog/os_upgrading/2.33.md diff --git a/docs/content/en/open_source/upgrading/2.34.md b/docs/content/changelog/os_upgrading/2.34.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.34.md rename to docs/content/changelog/os_upgrading/2.34.md diff --git a/docs/content/en/open_source/upgrading/2.35.md b/docs/content/changelog/os_upgrading/2.35.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.35.md rename to docs/content/changelog/os_upgrading/2.35.md diff --git a/docs/content/en/open_source/upgrading/2.36.md b/docs/content/changelog/os_upgrading/2.36.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.36.md rename to docs/content/changelog/os_upgrading/2.36.md diff --git a/docs/content/en/open_source/upgrading/2.37.md b/docs/content/changelog/os_upgrading/2.37.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.37.md rename to docs/content/changelog/os_upgrading/2.37.md diff --git a/docs/content/en/open_source/upgrading/2.38.md b/docs/content/changelog/os_upgrading/2.38.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.38.md rename to docs/content/changelog/os_upgrading/2.38.md diff --git a/docs/content/en/open_source/upgrading/2.39.md b/docs/content/changelog/os_upgrading/2.39.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.39.md rename to docs/content/changelog/os_upgrading/2.39.md diff --git a/docs/content/en/open_source/upgrading/2.4.md b/docs/content/changelog/os_upgrading/2.4.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.4.md rename to docs/content/changelog/os_upgrading/2.4.md diff --git a/docs/content/en/open_source/upgrading/2.40.md b/docs/content/changelog/os_upgrading/2.40.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.40.md rename to docs/content/changelog/os_upgrading/2.40.md diff --git a/docs/content/en/open_source/upgrading/2.41.md b/docs/content/changelog/os_upgrading/2.41.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.41.md rename to docs/content/changelog/os_upgrading/2.41.md diff --git a/docs/content/en/open_source/upgrading/2.42.md b/docs/content/changelog/os_upgrading/2.42.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.42.md rename to docs/content/changelog/os_upgrading/2.42.md diff --git a/docs/content/en/open_source/upgrading/2.43.md b/docs/content/changelog/os_upgrading/2.43.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.43.md rename to docs/content/changelog/os_upgrading/2.43.md diff --git a/docs/content/en/open_source/upgrading/2.44.1.md b/docs/content/changelog/os_upgrading/2.44.1.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.44.1.md rename to docs/content/changelog/os_upgrading/2.44.1.md diff --git a/docs/content/en/open_source/upgrading/2.44.md b/docs/content/changelog/os_upgrading/2.44.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.44.md rename to docs/content/changelog/os_upgrading/2.44.md diff --git a/docs/content/en/open_source/upgrading/2.45.md b/docs/content/changelog/os_upgrading/2.45.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.45.md rename to docs/content/changelog/os_upgrading/2.45.md diff --git a/docs/content/en/open_source/upgrading/2.46.md b/docs/content/changelog/os_upgrading/2.46.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.46.md rename to docs/content/changelog/os_upgrading/2.46.md diff --git a/docs/content/en/open_source/upgrading/2.47.md b/docs/content/changelog/os_upgrading/2.47.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.47.md rename to docs/content/changelog/os_upgrading/2.47.md diff --git a/docs/content/en/open_source/upgrading/2.48.2.md b/docs/content/changelog/os_upgrading/2.48.2.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.48.2.md rename to docs/content/changelog/os_upgrading/2.48.2.md diff --git a/docs/content/en/open_source/upgrading/2.48.md b/docs/content/changelog/os_upgrading/2.48.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.48.md rename to docs/content/changelog/os_upgrading/2.48.md diff --git a/docs/content/en/open_source/upgrading/2.49.md b/docs/content/changelog/os_upgrading/2.49.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.49.md rename to docs/content/changelog/os_upgrading/2.49.md diff --git a/docs/content/en/open_source/upgrading/2.5.md b/docs/content/changelog/os_upgrading/2.5.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.5.md rename to docs/content/changelog/os_upgrading/2.5.md diff --git a/docs/content/en/open_source/upgrading/2.50.md b/docs/content/changelog/os_upgrading/2.50.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.50.md rename to docs/content/changelog/os_upgrading/2.50.md diff --git a/docs/content/en/open_source/upgrading/2.51.md b/docs/content/changelog/os_upgrading/2.51.md similarity index 97% rename from docs/content/en/open_source/upgrading/2.51.md rename to docs/content/changelog/os_upgrading/2.51.md index 6c796b103d7..92aac433e95 100644 --- a/docs/content/en/open_source/upgrading/2.51.md +++ b/docs/content/changelog/os_upgrading/2.51.md @@ -50,8 +50,8 @@ The following Helm chart values have been modified in this release: ## GitHub Scan Type and Parser Updates The Github Vulnerability scan type and parser has been split into two disctinct scan types: -- [Github Vulnerability](https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/en/connecting_your_tools/parsers/file/github_vulnerability.md) (original) -- [Github SAST](https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/en/connecting_your_tools/parsers/file/github_sast.md) +- [Github Vulnerability](https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/supported_tools/file/github_vulnerability.md) (original) +- [Github SAST](https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/supported_tools/file/github_sast.md) The original Github Vulnerability scan type will continue to accept SCA vulnerabilities uploaded in GitHub's GraphQL format, as it has always done. It will also continue to accept SAST uploads, however we recommend upgrading to the new Github SAST scan type for uploading these types of vulnerabilities going forward. This new scan type will accept the raw JSON response from [GitHub's REST API for code scanning alerts](https://docs.github.com/en/rest/code-scanning/code-scanning). Sample Github SAST scan data can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/github_sast). diff --git a/docs/content/en/open_source/upgrading/2.52.md b/docs/content/changelog/os_upgrading/2.52.md similarity index 95% rename from docs/content/en/open_source/upgrading/2.52.md rename to docs/content/changelog/os_upgrading/2.52.md index 20eef3fb214..18aa85e15be 100644 --- a/docs/content/en/open_source/upgrading/2.52.md +++ b/docs/content/changelog/os_upgrading/2.52.md @@ -90,7 +90,7 @@ There are other instructions for upgrading to 2.52.x. Check the [Release Notes]( ## Merge of MobSF parsers -Mobsfscan Scan" has been merged into the "MobSF Scan" parser. The "Mobsfscan Scan" scan_type has been retained to keep deduplication working for existing Tests, but users are encouraged to move to the "MobSF Scan" scan_type. +"Mobsfscan Scan" has been merged into the "MobSF Scan" parser. The "Mobsfscan Scan" scan_type has been retained to keep deduplication working for existing Tests, but users are encouraged to move to the "MobSF Scan" scan_type. ## Release notes Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.52.0) for the contents of the release. diff --git a/docs/content/en/open_source/upgrading/2.53.md b/docs/content/changelog/os_upgrading/2.53.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.53.md rename to docs/content/changelog/os_upgrading/2.53.md diff --git a/docs/content/en/open_source/upgrading/2.54.3.md b/docs/content/changelog/os_upgrading/2.54.3.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.54.3.md rename to docs/content/changelog/os_upgrading/2.54.3.md diff --git a/docs/content/en/open_source/upgrading/2.54.md b/docs/content/changelog/os_upgrading/2.54.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.54.md rename to docs/content/changelog/os_upgrading/2.54.md diff --git a/docs/content/en/open_source/upgrading/2.6.md b/docs/content/changelog/os_upgrading/2.6.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.6.md rename to docs/content/changelog/os_upgrading/2.6.md diff --git a/docs/content/en/open_source/upgrading/2.7.md b/docs/content/changelog/os_upgrading/2.7.md similarity index 92% rename from docs/content/en/open_source/upgrading/2.7.md rename to docs/content/changelog/os_upgrading/2.7.md index 526813dbb45..aa1ef6cba96 100644 --- a/docs/content/en/open_source/upgrading/2.7.md +++ b/docs/content/changelog/os_upgrading/2.7.md @@ -9,7 +9,7 @@ This release is a breaking change regarding the Choctaw Hog parser. As the maint There is another breaking change regarding the import of SSLyze scans. The parser has been renamed from `SSLyze 3 Scan (JSON)` to `SSLyze Scan (JSON)`. The data in the database is fixed by the initializer, but it may break scripted API calls. -Release 2.7.0 contains a beta functionality to make permissions for the configuration of DefectDojo more flexible. When the settings parameter `FEATURE_CONFIGURATION_AUTHORIZATION` is set to `True`, many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their **Superuser** or **Staff** status, see [Configuration Permissions](/en/customize_dojo/user_management/about_perms_and_roles). +Release 2.7.0 contains a beta functionality to make permissions for the configuration of DefectDojo more flexible. When the settings parameter `FEATURE_CONFIGURATION_AUTHORIZATION` is set to `True`, many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their **Superuser** or **Staff** status, see [Configuration Permissions](/admin/user_management/about_perms_and_roles/). The functionality using the flag `AUTHORIZATION_STAFF_OVERRIDE` has been removed. The same result can be achieved with giving the staff users a global Owner role. diff --git a/docs/content/en/open_source/upgrading/2.8.md b/docs/content/changelog/os_upgrading/2.8.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.8.md rename to docs/content/changelog/os_upgrading/2.8.md diff --git a/docs/content/en/open_source/upgrading/2.9.md b/docs/content/changelog/os_upgrading/2.9.md similarity index 100% rename from docs/content/en/open_source/upgrading/2.9.md rename to docs/content/changelog/os_upgrading/2.9.md diff --git a/docs/content/en/open_source/upgrading/_index.md b/docs/content/changelog/os_upgrading/_index.md similarity index 100% rename from docs/content/en/open_source/upgrading/_index.md rename to docs/content/changelog/os_upgrading/_index.md diff --git a/docs/content/en/open_source/upgrading/upgrading_guide.md b/docs/content/changelog/os_upgrading/upgrading_guide.md similarity index 100% rename from docs/content/en/open_source/upgrading/upgrading_guide.md rename to docs/content/changelog/os_upgrading/upgrading_guide.md diff --git a/docs/content/en/changelog/changelog.md b/docs/content/changelog/pro_changelog.md similarity index 97% rename from docs/content/en/changelog/changelog.md rename to docs/content/changelog/pro_changelog.md index a3561c407d5..fa3466d6505 100644 --- a/docs/content/en/changelog/changelog.md +++ b/docs/content/changelog/pro_changelog.md @@ -6,7 +6,7 @@ exclude_search: true Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release notes are focused on UX, so will not include all code changes. -For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/). +For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/open_source/upgrading/upgrading_guide/). ## Jan 2025: v2.54 @@ -43,7 +43,7 @@ No significant UX changes. ### Dec 8, 2025: v2.53.1 -* **(Assets/Organizations)** Introduced overhaul to Products/Product Types, added the ability to create and diagram relationships between Assets. See [Assets/Organizations documentation](/en/working_with_findings/organizing_engagements_tests/pro_assets_organizations/) for details, and information on opting in to the Beta. +* **(Assets/Organizations)** Introduced overhaul to Products/Product Types, added the ability to create and diagram relationships between Assets. See [Assets/Organizations documentation](/asset_modelling/hierarchy/pro__assets_organizations/) for details, and information on opting in to the Beta. * **(Findings)** Added new KEV fields for ransomware, exploits, and date handling. * **(Pro UI)** Added Table Preferences menu, allowing you to store preset lists of columns for each table. @@ -150,7 +150,7 @@ The Pro UI has been significantly reorganized, with changes to page organization #### August 25: 2.49.3 -[Integrations](/en/share_your_findings/integrations/) has been added to DefectDojo Pro, adding an Jira-style integrations for Azure DevOps, GitHub and GitLab boards. +[Integrations](/issue_tracking/intro/intro/) has been added to DefectDojo Pro, adding an Jira-style integrations for Azure DevOps, GitHub and GitLab boards. * **(API)** Basic Auth Login has been removed from the swagger form. Only cookieAuth and tokenAuth are accepted. * **(API)** When MFA is enabled, an MFA code will be required to use the `/api-token-auth` endpoint. @@ -322,8 +322,8 @@ Hotfix release - no significant feature changes. ![image](images/risk_table.png) -- **(Pro UI)** Added a link to Universal Importer to the sidebar, which provides access to the [Universal Importer and DefectDojo CLI](/en/connecting_your_tools/external_tools/) tools. -- **(Pro UI)** Added smart Prioritization and Risk fields to DefectDojo Pro, which can be used to more easily triage Findings based on the impact of the Product they affect. See [Priority](/en/working_with_findings/finding_priority/) documentation for more information. +- **(Pro UI)** Added a link to Universal Importer to the sidebar, which provides access to the [Universal Importer and DefectDojo CLI](/import_data/pro/specialized_import/external_tools/) tools. +- **(Pro UI)** Added smart Prioritization and Risk fields to DefectDojo Pro, which can be used to more easily triage Findings based on the impact of the Product they affect. See [Priority](/asset_modelling/hierarchy/pro__priority_sla/) documentation for more information. - **(Tools)** Updated Fortify Webinspect parser to handle Fortify's new XML report format. #### Apr 14, 2025: v2.45.1 @@ -390,7 +390,7 @@ Hotfix release - no significant feature changes. - **(Pro UI)** Added 'Has Jira' (True/False) as a filter, to filter Findings, Products or Engagements that have associated Jira data. - **(Pro UI)** Notes can now be added to Engagement / Findings / Tests from All Engagements / Findings / Tests lists as well as View Engagement / Findings / Tests pages. - **(Pro UI)** Added ability to Close Finding from a Finding List, without needing to first open the Edit Finding form. -- **(CLI Tools)** Improved help text for Universal Importer / DefectDojo CLI. Many guides and examples are now in our [docs](/en/connecting_your_tools/external_tools/) instead of being displayed in the CLI itself. +- **(CLI Tools)** Improved help text for Universal Importer / DefectDojo CLI. Many guides and examples are now in our [docs](/import_data/pro/specialized_import/external_tools/) instead of being displayed in the CLI itself. - **(Tools)** Updated Burp scan to use Hashcode Deduplication. Default hashcode forms are `title`, `file_path`, `severity`, and `vuln_id_from_tool`. - **(Tools)** Corrected issue with AWS Inspector2 OSS parser related to `mitigated date` being handled incorrectly. @@ -591,7 +591,7 @@ configuration fields. - **(API)** It is now possible to prefetch a Finding with attached files via API. - **(Login)** A new "Forgot Username" link has been added to the login form. The link will navigate to a page which requests the user's email address. The username will be sent to that address if it exists. - **Risk Acceptances** Notes are now added to Findings when they are removed from Risk Acceptances. -- **(Risk Acceptance)** Risk Acceptance overhaul. Feature has been extended with new functions. See [Risk Acceptance documentation](/en/working_with_findings/findings_workflows/risk_acceptances/) for more details. +- **(Risk Acceptance)** Risk Acceptance overhaul. Feature has been extended with new functions. See [Risk Acceptance documentation](/triage_findings/findings_workflows/risk_acceptances/) for more details. - **Tools** Qualys HackerGuardian parser added. - **Tools** Semgrep Parser updated with new severity mappings. HackerOne parser updated and now supports bug bounty reports. - **Tools** fixed an issue where certain tools would not process asyncronously: Whitehat_Sentinel, SSLyze, SSLscan, Qualys_Webapp, Mend, Intsights, H1, and Blackduck. diff --git a/docs/content/en/about_defectdojo/_index.md b/docs/content/en/about_defectdojo/_index.md deleted file mode 100644 index aa822dcdbe4..00000000000 --- a/docs/content/en/about_defectdojo/_index.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: "About DefectDojo" -date: 2021-02-02T20:46:29+01:00 -draft: false -type: docs -weight: 1 - -cascade: -- type: "blog" - # set to false to include a blog section in the section nav along with docs - toc_root: true - _target: - path: "/blog/**" -- type: "docs" - _target: - path: "/**" -exclude_search: true ---- diff --git a/docs/content/en/about_defectdojo/new_user_checklist.md b/docs/content/en/about_defectdojo/new_user_checklist.md deleted file mode 100644 index d2e93499da9..00000000000 --- a/docs/content/en/about_defectdojo/new_user_checklist.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: "☑️ New User Checklist" -description: "Get Started With DefectDojo" -draft: "false" -weight: 3 -chapter: true ---- - -Here's a quick reference you can use to ensure successful implementation, from a blank canvas to a fully functional app. - -The essence of DefectDojo is to import security data, organize it, and present it to the folks who need to know. Here are ways to achieve those things in DefectDojo Pro and Open-Source: - -### DefectDojo Pro - -1. Start by [importing a file](/en/connecting_your_tools/import_scan_files/import_scan_ui) using the UI. This is generally the quickest way to see how your data fits into the DefectDojo model. - -2. Now that you have data in DefectDojo, learn more about how to organize it with the [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data into logical categories, apply access control rules, sort Findings by [Priority and Risk](/en/working_with_findings/finding_priority/) or to segment your reports to the correct team. - -3. Check out your [Metrics pages](/en/customize_dojo/dashboards/pro_dashboards/) which can be used to quickly share Finding reports with key stakeholders. - -### DefectDojo Open-Source - -1. Open-Source users can start by creating their first [Product Type and Product](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). Once those are created, they can [import a file](/en/connecting_your_tools/import_scan_files/import_scan_ui) to one of those Products using the UI. - -2. Now that you have data in DefectDojo, consider expanding your Product layout [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data up into logical categories. These categories can be used to apply access control rules, or to segment your reports to the correct team. - -3. Use the [Report Builder](/en/share_your_findings/pro_reports/using_the_report_builder/#opening-the-report-builder) to summarize the data you've imported. Reports can be used to quickly share Findings with stakeholders such as Product Owners. - -This is the essence of DefectDojo - import security data, organize it, and present it to the folks who need to know. - -All of these features can be automated, and because DefectDojo can handle over 200 tools (at time of writing) you should be all set to create a functional security inventory of your entire organizational output. - -## Other guides - -### Pro Features -- If your organization uses ServiceNow, AzureDevops, GitHub or GitLab for issue tracking, check out our [documentation](/en/share_your_findings/integrations/) on those integrations. -- Customize your [main Dashboard](/en/customize_dojo/dashboards/introduction_dashboard/) with filtered tiles to view your environment at a glance. -- Learn how to rapidly import data and mirror your team's existing security environment with [Connectors](/en/connecting_your_tools/connectors/about_connectors/). - -### Open-Source Features -- Does your organization use Jira? Learn how to use our [Jira integration](/en/share_your_findings/jira_guide/) to create Jira tickets from the data you ingest. -- Are you expecting to share DefectDojo with many users in your organization? Check out our guides to [user management](/en/customize_dojo/user_management/about_perms_and_roles/) and set up role-based access control (RBAC). -- Ready to dive into automation? Learn how to use the [DefectDojo API](/en/connecting_your_tools/import_scan_files/api_pipeline_modelling) to automatically import new data, and build a robust CI/CD pipeline. \ No newline at end of file diff --git a/docs/content/en/connecting_your_tools/parsers/file/openreports.md b/docs/content/en/connecting_your_tools/parsers/file/openreports.md deleted file mode 100644 index c3ec62d9a42..00000000000 --- a/docs/content/en/connecting_your_tools/parsers/file/openreports.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: "OpenReports" -toc_hide: true ---- - -Import vulnerability scan reports formatted as [OpenReports](https://github.com/openreports/reports-api). - -OpenReports is a Kubernetes-native reporting framework that aggregates vulnerability scan results and compliance checks from various security tools into a unified format. It provides a standardized API for collecting and reporting security findings across your Kubernetes infrastructure. - -### File Types - -DefectDojo parser accepts a .json file. - -### Exporting Reports from Kubernetes - -To export OpenReports from your Kubernetes cluster, use kubectl: - -```bash -kubectl get reports -A -ojson > reports.json -``` - -This command retrieves all Report objects from all namespaces and saves them in JSON format. You can then import the `reports.json` file into DefectDojo. - -To export reports from a specific namespace: - -```bash -kubectl get reports -n -ojson > reports.json -``` - -### Report Formats - -The parser supports multiple input formats: - -- Single Report object -- Array of Report objects -- Kubernetes List object containing Report items - -### Sample Scan Data - -Sample OpenReports scans can be found in the [unittests/scans/openreports directory](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/openreports). - -### Supported Fields - -The parser extracts the following information from OpenReports JSON: - -- **Metadata**: Report name, namespace, UID for stable deduplication -- **Scope**: Kubernetes resource information (kind, name, namespace) -- **Results**: Individual security findings with: - - Message and description - - Policy ID (e.g., CVE identifiers) - - Severity (critical, high, medium, low, info) - - Category (e.g., "vulnerability scan", "compliance check") - - Source scanner information - - Package details (name, installed version, fixed version) - - References and URLs - -### Severity Mapping - -OpenReports severity levels are mapped to DefectDojo as follows: - -| OpenReports Severity | DefectDojo Severity | -|----------------------|---------------------| -| critical | Critical | -| high | High | -| medium | Medium | -| low | Low | -| info | Info | - -### Result Status Mapping - -The `result` field in OpenReports is mapped to DefectDojo finding status: - -| OpenReports Result | Active | Verified | Description | -|--------------------|--------|----------|------------------------------------------------| -| fail | True | True | Finding requires attention | -| warn | True | True | Warning-level finding | -| pass | False | False | Check passed, no vulnerability found | -| skip | False | False | Check was skipped | - -### Features - -**CVE Tracking**: Findings with CVE policy IDs are automatically tagged with vulnerability identifiers. - -**Fix Availability**: The parser automatically sets the `fix_available` flag when a fixed version is provided. - -**Service Mapping**: Findings are mapped to services based on Kubernetes scope (namespace/kind/name). - -**Stable Deduplication**: Uses report UID from metadata for consistent deduplication across reimports. - -**Tagging**: Findings are automatically tagged with category, source scanner, and Kubernetes resource kind. - -### Example JSON Format - -```json -{ - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "name": "deployment-test-app-630fc", - "namespace": "test", - "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936" - }, - "scope": { - "kind": "Deployment", - "name": "test-app" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - } - ] -} -``` - -### Default Deduplication Hashcode Fields - -By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): - -- unique_id_from_tool (format: `report_uid:policy:package_name`) -- title -- severity -- vulnerability ids (for CVE findings) -- description - -The parser uses the report UID from metadata to create a stable `unique_id_from_tool` that persists across reimports. diff --git a/docs/content/en/customize_dojo/_index.md b/docs/content/en/customize_dojo/_index.md deleted file mode 100644 index d2799af41e9..00000000000 --- a/docs/content/en/customize_dojo/_index.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: "👥 Management & Customization" -description: "Dashboards, User Access" -summary: "" -date: 2023-09-07T16:06:50+02:00 -lastmod: 2023-09-07T16:06:50+02:00 -draft: false -weight: 5 -chapter: true -seo: - title: "" # custom title (optional) - description: "" # custom description (recommended) - canonical: "" # custom canonical URL (optional) - robots: "" # custom robot tags (optional) -exclude_search: true ---- \ No newline at end of file diff --git a/docs/content/en/customize_dojo/dashboards/pro_dashboards.md b/docs/content/en/customize_dojo/dashboards/pro_dashboards.md deleted file mode 100644 index ff712ead903..00000000000 --- a/docs/content/en/customize_dojo/dashboards/pro_dashboards.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: "Metrics Dashboards (Pro)" -description: "How to use DefectDojo's Pro Metrics" -weight: 3 ---- - -The DefectDojo Pro UI has many Metrics dashboards which are kept up to date in real-time. Each Dashboard can render a PDF report to share data with key stakeholders. - -These dashboards include: - -* **Executive Insights**, which displays the current state of your Products and Product Types. -* **Program Insights**, which displays the effectiveness of your security team and the cost savings associated with separating duplicates and false positives from actionable Findings -* **Remediation Insights**, which displays your effectiveness at remediating Findings. -* **Tool Insights**, which displays the effectiveness of your tool suite (and Connectors pipelines) at detecting and reporting vulnerabilities. - -## Executive Insights - -![image](images/pro_dashboards_1.png) - -This dashboard allows you to select any Product Type or Product from the filter list and get a status report on the number of Findings present. If no filters are selected, this dashboard will display the status of all Product Types and Products. - -![image](images/pro_dashboards_2.png) - -Graphs are provided to illustrate SLA compliance, active Findings over time, and other metrics relevant to the selected Product/Product Types and timeframe. - -## Program Insights - -![image](images/pro_dashboards_3.png) - -This dashboard shows a report of your team's security program, including quarterly breakdowns on testing, as well as noise reduction through the application of deduplication and reimport features. - -## Remediation Insights - -![image](images/pro_dashboards_4.png) - -This dashboard tracks your remediation performance, charting time to remediation as well as Risk Acceptance over time. "Highly Exploitable Findings" uses [EPSS scores](/en/working_with_findings/intro_to_findings/#monitor-current-vulnerabilities-using-cves-and-epss-scores-pro-feature) to estimate the likelihood of a Finding's exploit. DefectDojo Pro comes with a daily-updated EPSS database to which assigns those scores and percentiles to each of your Findings. - -## Tool Insights - -![image](images/pro_dashboards_5.png) - -This dashboard tracks the performance of each security tool used in DefectDojo, based on the count and severity of Findings that it reports. - -## Switching To The Pro UI - -These Dashboards are available under **Metrics** in the Pro UI. -To access the Pro UI, open the User Options menu from the top-right hand corner. You can also switch back to the Classic UI from the same menu. - -![image](images/beta-classic-uis.png) \ No newline at end of file diff --git a/docs/content/en/customize_dojo/user_management/pro_permissions_overhaul.md b/docs/content/en/customize_dojo/user_management/pro_permissions_overhaul.md deleted file mode 100644 index acb025cfb40..00000000000 --- a/docs/content/en/customize_dojo/user_management/pro_permissions_overhaul.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: "🟧 Set Permissions in Pro" -description: "Overhaul, pro feature" -weight: 3 ---- - -Permissions in DefectDojo Pro have been simplified, to make it easier to assign object access. This feature can be accessed through the [Pro UI](/en/about_defectdojo/ui_pro_vs_os/). - -### Opening the Permissions window - -![image](images/pro_permissions.png) - -When looking at Product Type or Product, you can open the Permissions window to set permissions quickly. This menu can be found in a Table by clicking the horizontal dots **"⋮"**. IF looking at an individual **Product** or **Product Type** page, this menu can be found under the blue gear ‘⚙️’. - -## Setting Permissions through the permissions window - -![image](images/pro_permissions_2.png) - -1. At the top of this window, you can choose to manage permissions for an individual user or for a [user group](../create_user_group). -2. Here, you can select a user or group to add to the Product, and select the [Role](../about_perms_and_roles) that you want that user to have. -3. On the lower table, you can see a list of all users or groups who have access to this object. You can also quickly assign a new role for one of these users or groups from the drop-down menu. - -## Setting Configuration Permissions through the User view - -A user's configuration permissions can now be set in a more user-friendly approach. From the Users View, all configuration permissions are displayed in a dropdown, then grouped by the permission type. If the selection of configuration permissions is different from their current value, an “Update Configuration Permissions” button is displayed. When clicked, the user will be asked to confirm they would like to update the permissions for the selected group before an update is made. - -![image](images/pro_user_view.png) diff --git a/docs/content/en/open_source/installation/_index.md b/docs/content/en/open_source/installation/_index.md deleted file mode 100644 index 363026c464c..00000000000 --- a/docs/content/en/open_source/installation/_index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: "Open-Source Installation & Configuration" -description: "How to install and configure DefectDojo" -weight: 1 -chapter: true ---- diff --git a/docs/content/en/open_source/installation/demo.md b/docs/content/en/open_source/installation/demo.md deleted file mode 100644 index b98404ea6a2..00000000000 --- a/docs/content/en/open_source/installation/demo.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: "Online Demo" -description: "There is DefectDojo demo site running the latest officially released version" -draft: false -weight: 6 ---- - -## Demo - -Try out the demo sever at [demo.defectdojo.org](https://demo.defectdojo.org) - -Log in with `admin / 1Defectdojo@demo#appsec`. Please note that the demo is publicly accessable and regularly reset. Do not put sensitive data in the demo. diff --git a/docs/content/en/open_source/upgrading/2.55.md b/docs/content/en/open_source/upgrading/2.55.md new file mode 100644 index 00000000000..90df965950d --- /dev/null +++ b/docs/content/en/open_source/upgrading/2.55.md @@ -0,0 +1,13 @@ +--- +title: 'Upgrading to DefectDojo Version 2.55.x' +toc_hide: true +weight: -20260105 +description: Authorization related optimizations +--- + +## Authorization related optimizations + +The queries related to authorizations have been optmized. For example retrieving the list of authorized findings for the logged in user. +Some of these are now also cached during that duration of a request. This should have no functional effects and only results in better performance. + +Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.55.0) for the contents of the release. diff --git a/docs/content/en/working_with_findings/finding_deduplication/about_deduplication.md b/docs/content/en/working_with_findings/finding_deduplication/about_deduplication.md deleted file mode 100644 index b947afc335d..00000000000 --- a/docs/content/en/working_with_findings/finding_deduplication/about_deduplication.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: "About Deduplication" -description: "Deduplication fundamentals and key concepts" -weight: 1 ---- - -DefectDojo is designed to ingest bulk reports from tools, creating one or more Findings based on the content of the report. When using DefectDojo, you’ll most likely be ingesting reports from the same tool on a regular basis, which means that duplicate Findings are highly likely. - -This is where Deduplication comes in, a Smart feature which you can set up to automatically manage duplicate Findings. - -## How DefectDojo handles duplicates - -1. First, you import **Test 1\.** Your report contains a vulnerability which is recorded as Finding A. -2. **Later, you import Test 2 which contains the same vulnerability. This will be recorded as Finding B, and Finding B will be marked as a duplicate of Finding A.** -3. Later still, you import **Test 3** which also contains that vulnerability. This will be recorded as Finding C, which will be marked as a duplicate of Finding A. - -By creating and marking Duplicates in this way, DefectDojo ensures that all the work for the ‘original’ vulnerability is centralized on the original Finding page, without creating separate contexts, or giving your team the impression that there are multiple separate vulnerabilities which need to be addressed. - -By default, these Tests would need to be nested under the same Product for Deduplication to be applied. If you wish, you can further limit the Deduplication scope to a single Engagement. - -![Deduplication on product and engagement level](images/deduplication.png) - -Duplicate Findings are set as Inactive by default. This does not mean the Duplicate Finding itself is Inactive. Rather, this is so that your team only has a single active Finding to work on and remediate, with the implication being that once the original Finding is Mitigated, the Duplicates will also be Mitigated. - -## Deduplication vs Reimport - -Deduplication and Reimport are similar processes but they have a key difference: - -* When you Reimport to a Test, the Reimport process looks at incoming Findings, **filters and** **discards any matches**. Those matches will never be created as Findings or Finding Duplicates. -* Deduplication is applied 'passively' on Findings that have already been created. It will identify duplicates in scope and **label them**, but it will not delete or discard the Finding unless 'Delete Deduplicate Findings' is enabled. -* The 'reimport' action of discarding a Finding always happens before deduplication; DefectDojo **cannot deduplicate Findings that are never created** as a result of Reimport's filtering. - -## When are duplicates appropriate? - -Duplicates are useful when you’re dealing with shared, but discrete Testing contexts. For example, if your Product is uploading Test results for two different repositories, which need to be compared, it’s useful to know which vulnerabilities are shared across those repositories. - -However, if DefectDojo is creating excess duplicates, this can also be a sign that you need to adjust your pipelines or import processes. - -## What do my duplicates indicate? - -* **The same vulnerability, but found in a different context:** this is the appropriate way to use Duplicate Findings. If you have many components which are affected by the same vulnerability, you would likely want to know which components are affected to understand the scope of the problem. -​ -* **The same vulnerability, found in the same context**: better options exist for this case. If the Duplicate Finding does not give you any new context on the vulnerability, or if you find yourself frequently ignoring or deleting your duplicate Findings, this is a sign that your process can be improved. For example, Reimport allows you to effectively manage incoming reports from a CI/CD pipeline. Rather than create a completely new Finding object for each duplicate, Reimport will make a note of the incoming duplicate without creating the Duplicate Finding at all. diff --git a/docs/content/en/working_with_findings/finding_deduplication/deduplication_algorithms.md b/docs/content/en/working_with_findings/finding_deduplication/deduplication_algorithms.md deleted file mode 100644 index 5b5d56ca85d..00000000000 --- a/docs/content/en/working_with_findings/finding_deduplication/deduplication_algorithms.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: "Deduplication Algorithms" -description: "How DefectDojo identifies duplicates: Unique ID, Hash Code, Unique ID or Hash Code, Legacy" -weight: 3 ---- - -## Overview - -DefectDojo supports four deduplication algorithms that can be selected per parser (test type): - -- **Unique ID From Tool**: Uses the scanner-provided unique identifier. -- **Hash Code**: Uses a configured set of fields to compute a hash. -- **Unique ID From Tool or Hash Code**: Prefer the tool’s unique ID; fall back to hash when no matching unique ID is found. -- **Legacy**: Historical algorithm with multiple conditions; only available in the Open Source version. - -Algorithm selection per parser is controlled by `DEDUPLICATION_ALGORITHM_PER_PARSER` (see the [Open-Source tuning page](/en/working_with_findings/finding_deduplication/deduplication_tuning_os/) for configuration details). - -## How endpoints are assessed per algorithm - -Endpoints can influence deduplication in different ways depending on the algorithm and configuration. - -### Unique ID From Tool - -- Deduplication uses `unique_id_from_tool` (or `vuln_id_from_tool`). -- **Endpoints are ignored** for duplicate matching. -- A finding’s hash may still be calculated for other features, but it does not affect deduplication under this algorithm. - -### Hash Code - -- Deduplication uses a hash computed from fields specified by `HASHCODE_FIELDS_PER_SCANNER` for the given parser. -- The hash also includes fields from `HASH_CODE_FIELDS_ALWAYS` (see Service field section below). -- Endpoints can affect deduplication in two ways: - - If the scanner’s hash fields include `endpoints`, they are part of the hash and must match accordingly. -- If the scanner’s hash fields do not include `endpoints`, optional endpoint-based matching can be enabled via `DEDUPE_ALGO_ENDPOINT_FIELDS` (OS setting). When configured: - - Set it to an empty list `[]` to ignore endpoints entirely. - - Set it to a list of endpoint attributes (e.g. `["host", "port"]`). If at least one endpoint pair between the two findings matches on all listed attributes, deduplication can occur. - -### Unique ID From Tool or Hash Code -A finding is a duplicate with another if they have the same unique_id_from_tool OR the same hash_code. - -The endpoints also have to match for the findings to be considered duplicates, see the Hash Code algorithm above. - -### Legacy (OS only) - -- Deduplication considers multiple attributes including endpoints. -- Behavior differs for static vs dynamic findings: - - **Static findings**: The new finding must contain all endpoints of the original. Extra endpoints on the new finding are allowed. - - **Dynamic findings**: Endpoints must strictly match (commonly by host and port); differing endpoints prevent deduplication. -- If there are no endpoints and both `file_path` and `line` are empty, deduplication typically does not occur. - -## Background processing - -- Dedupe is triggered on import/reimport and during certain updates run via Celery in the background. - -## Service field and its impact - -- By default, `HASH_CODE_FIELDS_ALWAYS = ["service"]`, meaning the `service` associated with a finding is appended to the hash for all scanners. -- Practical implications: - - Two otherwise identical findings with different `service` values will produce different hashes and will not deduplicate under Hash-based paths. - - During import/reimport, the `Service` field entered in the UI can override the parser-provided service. Changing it can change the hash and therefore affect deduplication outcomes. - - If you want service to have no impact on deduplication, configure `HASH_CODE_FIELDS_ALWAYS` accordingly (see the OS tuning page). Removing `service` from the always-included list will stop it from affecting hashes. - -See also: the [Open Source tuning guide](/en/working_with_findings/finding_deduplication/deduplication_tuning_os/) for configuration details and examples. diff --git a/docs/content/en/working_with_findings/finding_deduplication/delete_deduplicates.md b/docs/content/en/working_with_findings/finding_deduplication/delete_deduplicates.md deleted file mode 100644 index 8a4cbed898b..00000000000 --- a/docs/content/en/working_with_findings/finding_deduplication/delete_deduplicates.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: "Delete Deduplicate Findings" -description: "Remove excess duplicate Findings from DefectDojo" -weight: 3 ---- - -If you have an excessive amount of duplicate Findings which you want to delete, you can set **Delete Deduplicate Findings** as an option in the **System Settings**. - -**Delete Deduplicate Findings**, combined with the **Maximum Duplicates** field allows DefectDojo to limit the amount of Duplicate Findings stored. When this field is enabled, DefectDojo will only keep a certain number of Duplicate Findings. - -## Which duplicates will be deleted? - -The original Finding will never be deleted automatically from DefectDojo, but once the threshold for Maximum Duplicates is crossed, DefectDojo will automatically delete the oldest Duplicate Finding. - -For example, let’s say that you had your Maximum Duplicates field set to ‘1’. - -1. First, you import **Test 1\.** Your report contains a vulnerability which is recorded as Finding A. -2. **Later, you import Test 2 contains the same vulnerability. This will be recorded as Finding B, and Finding B will be marked as a duplicate of Finding A.** -3. Later still, you import **Test 3** which also contains that vulnerability. This will be recorded as Finding C, which will be marked as a duplicate of Finding A. At this time, Finding B will be deleted from DefectDojo as the threshold for maximum duplicates has been crossed. - -## Applying this setting - -Applying **Delete Deduplicate Findings** will begin a deletion process immediately. This setting can be applied on the **System Settings** page. See Enabling Deduplication for more information. diff --git a/docs/content/en/working_with_findings/finding_priority.md b/docs/content/en/working_with_findings/finding_priority.md deleted file mode 100644 index caff9c56bae..00000000000 --- a/docs/content/en/working_with_findings/finding_priority.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: "⏱️ Finding Priority and Risk (Pro)" -description: "How DefectDojo ranks your Findings" -weight: 1 ---- - -![image](images/pro_finding_priority.png) - -Effective risk-based vulnerability management requires an approach that considers -both business context and technical exploitability. Using DefectDojo Pro’s Priority and Risk feature, users can automatically sort Findings into a meaningful context, ensuring -high-impact vulnerabilities can be addressed first. - -**Priority** is a calculated numerical rank applied to all Findings in your DefectDojo -instance. It allows you to quickly understand vulnerabilities in context, especially within -large organizations that are overseeing security needs for many Findings and/or -Products. - -**Risk** is a 4-level ranking system which factors in a Finding’s exploitability to a greater -degree. This is meant as a less granular, more ’executive-level’ version of Priority. - -![image](images/pro_risk_example.png) - -Priority and Risk values can be used with other filters to compare Findings in any context, such as: - -* within a single Product, Engagement or Test -* globally in all DefectDojo Products -* between a few specific Products - -Applying Finding Priority and Risk helps your team respond to the most relevant -vulnerabilities in your organization, and also provides a framework to assist in -compliance with regulatory standards. - - -Learn more about Priority and Risk with DefectDojo Inc's May 2025 Office Hours: - - - -## How Priority & Risk are calculated -The range of Priority values is from 0 to 1150. The higher the number, the more urgency -the Finding is to triage or remediate. - -Similar to Severity, Risk is scored from Low -> Medium -> Needs Action -> Urgent. **Risk** considers Priority fields and may be different from a tool's reported Severity as a result. - -![image](images/priority-overview.png) - -## Priority Fields: Product-Level - -Each Product in DefectDojo has metadata that tracks business criticality and risk -factors. This metadata is used to help calculate Priority and Risk for any associated -Findings. - -All of these metadata fields can be set on the **Edit Product** form for a given Product. - -![image](images/priority_edit_product.png) - -* **Criticality** can be set to any value of None, Very Low, Low, Medium, High, or Very -High. Criticality is a subjective field, so when assigning this field, consider how the -Product compares to other Products in your organization. -* **User Records** is a numerical estimation of user records in a database (or a system -that can access that database). -* **Revenue** is a numerical estimation of annual revenue for the Product. To calculate Priority, DefectDojo will calculate a percentage by comparing this Product's revenue to the sum of all Products within the Product Type. - -It is not possible to set a currency type in DefectDojo, so make sure that all of your Revenue -estimations have the same currency denomination. (“50000” could mean $50,000 -US Dollars or ¥50,000 Japanese Yen - the denomination does not matter as long as -all of your Products have revenue calculated in the same currency). -* **External Audience** is a true/false value - set this to True if this Product can be -accessed by an external audience. For example, customers, users, or anyone -outside of your organization. -* **Internet Accessible** is a true/false value. If this Product can connect to the open -internet, you should set this value to True. - -Priority is a ‘relative’ calculation, which is meant to compare different Products within -your DefectDojo instance. It is ultimately up to your organization to decide how these -filters are set. These values should be as accurate as possible, but the primary goal is -to highlight your key Products so that you can prioritize vulnerabilities according to your -organization’s policies, so these fields do not necessarily need to be set perfectly. - -## Priority Fields: Finding-Level - -Findings within a Product can have additional metadata which can further adjust the Finding’s Priority and Risk level: - -* Whether or not the Finding has an EPSS score, this is automatically added to Findings and kept up to date for Pro users -* How many Endpoints in the Product are affected by this Finding -* Whether or not a Finding is Under Review -* Whether the Finding is in the KEV (Known Exploited Vulnerabilities) database, which is checked by DefectDojo on a regular basis -* The tool-reported Severity of a Finding (Info, Low, Medium, High, Critical) - - -## Finding Risk Calculation - -![image](images/risk_table.png) - -The Risk column on a Findings table is another way to quickly prioritize Findings. Risk is calculated using a Finding's Priority level, but also factors in a Finding's exploitability to a greater degree. This is meant as a less granular, more 'executive-level' version of Priority. - -The four assignable Risk levels are: - -![image](images/pro_risk_levels.png) - -A Finding's EPSS / exploitability is much more emphasized in the Risk calculation. As a result, a Finding can have both a high priority and a low risk value. - -As with Finding Priority, the Risk calculation cannot currently be adjusted. - -## Priority Insights Dashboard - -Users can take an executive-level view of Priority and Risk in their environment using -the Priority Insights Dashboard (Metrics > Priority Insights in the sidebar) - -![image](images/priority_dashboard.png) - -This dashboard can be filtered to include specific Products or date ranges. As with -other Pro dashboards, this dashboard can be exported from DefectDojo as a PDF to -quickly produce a report. - -## Setting Priority & Risk for Regulatory Compliance - -This is a non-exhaustive list of regulatory standards that specifically require -vulnerability prioritization methods: - -* [SOX (Sarbanes-Oxley Act](https://www.sarbanes-oxley-act.com/)) compliance requires revenue-based prioritization for -systems impacting financial data. In DefectDojo, a system’s revenue can be entered -at the Product level. -* [PCI DSS](https://www.pcisecuritystandards.org/standards/pci-dss/) compliance requires prioritization based on risk ratings and criticality to -cardholder data environments. Business Criticality and External Audience can be -set at the Product level, while DefectDojo’s Finding-level EPSS sync supports PCI’s -risk-based approach. -* [NIST SP 800-40](https://csrc.nist.gov/pubs/sp/800/40/r4/final) is a preventative maintenance guide which specifically calls for -vulnerability prioritization based on business impact, product criticality and -internet accessibility factors. All of these can be set at DefectDojo’s Product level. -* [ISO 27001/27002](https://www.iso.org/standard/27001) Control A.12.6.1 compliance requires management of technical -vulnerabilities with Priority based on risk assessment. -* [GDPR Article 32](https://gdpr-info.eu/art-32-gdpr/) requires risk-based security measures - user records and external -audience flags at the Product level can help prioritize systems in your organization -that process personal data. -* [FISMA/FedRAMP](https://help.fedramp.gov/hc/en-us) compliance require continuous monitoring and risk-based vulnerability remediation. \ No newline at end of file diff --git a/docs/content/en/working_with_findings/findings_workflows/manage_duplicate_findings.md b/docs/content/en/working_with_findings/findings_workflows/manage_duplicate_findings.md deleted file mode 100644 index b1eac050c2f..00000000000 --- a/docs/content/en/working_with_findings/findings_workflows/manage_duplicate_findings.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: "Manage Duplicate Findings" -description: "How to discover and correct redundancies in your workflow - using Deduplication, Reimiport and other Smart features" -weight: 3 ---- - -One of DefectDojo’s strengths is that the data model can accommodate many different use\-cases and applications. You’ll likely change your approach as you master the software and discover ways to optimize your workflow. - -By default, DefectDojo does not delete any duplicate Findings that are created. Each Finding is considered to be a separate instance of a vulnerability. So in this case, **Duplicate Findings** can be an indicator that a process change is required to your workflow. - -## Step 1: Clean up your excess Duplicates - -Fortunately, DefectDojo’s Deduplication settings allow you to mass\-delete duplicates once a certain threshold has been crossed. This feature makes the cleanup process easier. To learn more about this process, see our article on **Finding Deduplication** \<\-link will go here. - -## Step 2: Evaluate your Engagements for redundancies - -Once you’ve cleaned up your duplicate Findings, it’s a good practice to look at the Product which contained them to see if there’s a clear culprit. You might find that there are Engagements contained within which have a redundant context. - -### Duplicate or Reused Engagements - -Engagements store one or more Tests for a particular testing context. That context is ultimately up to you to define for yourself, but if you see a few Engagements within your Product which should share the same context, consider combining them into a single engagement. -​ -### Questions to ask when defining Engagement context: - -* If I wanted to make a report on this work, would the Engagement contain all of the relevant information I need? -* Are we proactively creating Engagements ahead of time or are they being created ‘ad\-hoc’ by my import process? -* Are we using the right kind of Engagement \- **Interactive** or **CI/CD**? -* What section of the codebase is being worked on by tests: is each repository a separate context or could multiple repositories make up a shared context for testing? -* Who are the stakeholders involved with the Productt, and how will I share results with them? - -## Step 3: Check for redundant Tests - -If you discover that separate Tests have been created which capture the same testing context, this may be an indicator that these tests can be consolidated into a single Reimport. - -DefectDojo has two methods for importing test data to create Findings: **Import** and **Reimport**. Both of these methods are very similar, but the key difference between the two is that **Import** always creates a new Test, while **Reimport** can add new data to an existing Test. It’s also worth noting that **Reimport** does not create duplicate Findings within that Test. - -Each time you import new vulnerability reports into DefectDojo, those reports will be stored in a Test object. A Test object can be created by a user ahead of time to hold a future **Import**. If a user wants to import data without specifying a Test destination, a new Test will be created to store the incoming report. - -Tests are flexible objects, and although they can only hold one *kind* of report, they can handle multiple instances of that same report through the **Reimport** method. To learn more about Reimport, see our **[article](/en/connecting_your_tools/import_scan_files/using_reimport)** on this topic. - -## When are Duplicate Findings acceptable? - -Duplicate Findings are not always indicative of a problem. There are many cases where keeping duplicates is the preferred approach. For example: - -* If your team uses and reports on Interactive Engagements. If you want to create a discrete report on a single Test specifically, you would want to know if there’s an occurrence of a Finding that was already uncovered earlier. -* If you have Engagements which are contextually separated (for example, because they cover different repositories) you would want to be able to flag Findings which are occurring in both places. diff --git a/docs/content/en/working_with_findings/priority_adjustments.md b/docs/content/en/working_with_findings/priority_adjustments.md deleted file mode 100644 index 2ea030b61c2..00000000000 --- a/docs/content/en/working_with_findings/priority_adjustments.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: "Adjusting Priority and Risk (Pro)" -description: "Change weighting of Priority and Risk calculations" -weight: 2 ---- - -DefectDojo Pro's Priority and Risk calculations can be adjusted, allowing you to tailor DefectDojo Pro to match your internal standards for Finding Priority and Risk. - -## Prioritization Engines - -Similar to SLA configurations, Prioritization Engines allow you to set the rules governing how Priority and Risk are calculated. - -![image](images/priority_default.png) - -DefectDojo comes with a built-in Prioritization Engine, which is applied to all Products. However, you can edit this Prioritization Engine to change the weighting of **Finding** and **Product** multipliers, which will adjust how Finding Priority and Risk are assigned. - -### Finding Multipliers - -Eight contextual factors impact the Priority score of a Finding. Three of these are Finding-specific, and the other five are assigned based on the Product that holds the Finding. - -You can tune your Prioritization Engine by adjusting how these factors are applied to the final calculation. - -![image](images/priority_sliders.png) - -Select a factor by clicking the button, and adjust this slider allows you to control the percentage a particular factor is applied. As you adjust the slider, you'll see the Risk thresholds change as a result. - -#### Finding-Level Multipliers - -* **Severity** - a Finding's Severity level -* **Exploitability** - a Finding's KEV and/or EPSS score -* **Endpoints** - the amount of Endpoints associated with a Finding - -#### Product-Level Multipliers - -* **Business Criticality** - the related Product's Business Criticality (None, Very Low, Low, Medium, High, or Very -High) -* **User Records** - the related Product's User Records count -* **Revenue** - the related Product's revenue, relative to the total revenue of the Product Type -* **External Audience** - whether or not the related Product has an external audience -* **Internet Accessible** - whether or not the related Product is internet accessible - -### Risk Thresholds - -Based on the tuning of the Priority Engine, DefectDojo will automatically recommend Risk Thresholds. However, these thresholds can be adjusted as well and set to whatever values you deem appropriate. - -![image](images/risk_threshold.png) - -## Creating New Prioritization Engines - -You can use multiple Prioritization Engines, which can each be assigned to different Products. - -![image](images/priority_engine_new.png) - -Creating a new Prioritization Engine will open the Prioritization Engine form. Once this form is submitted, a new Prioritization Engine will be added to the table. - -## Assigning Prioritization Engines to Products - -Each Product can have a Prioritization Engine currently in use via the **Edit Product** form for a given Product. - -![image](images/priority_chooseengine.png) - -Note that when a Product's Prioritization Engine is changed, or a Prioritization Engine is updated, the Product's Prioritization Engine or the Prioritization Engine itself will be "Locked" until the prioritization calculation has completed. \ No newline at end of file diff --git a/docs/content/en/_index.md b/docs/content/get_started/_index.md similarity index 93% rename from docs/content/en/_index.md rename to docs/content/get_started/_index.md index e288c34b9a2..d2f4ac74f16 100644 --- a/docs/content/en/_index.md +++ b/docs/content/get_started/_index.md @@ -1,5 +1,5 @@ --- -title: "Index" +title: "Get Started" date: 2021-02-02T20:46:29+01:00 draft: false type: docs diff --git a/docs/content/get_started/about/OS__new_user_checklist.md b/docs/content/get_started/about/OS__new_user_checklist.md new file mode 100644 index 00000000000..ebf29ec20f8 --- /dev/null +++ b/docs/content/get_started/about/OS__new_user_checklist.md @@ -0,0 +1,28 @@ +--- +title: "☑️ New User Checklist" +description: "Get Started With DefectDojo" +draft: "false" +weight: 3 +audience: opensource +--- + +Here's a quick reference you can use to ensure successful implementation, from a blank canvas to a fully functional app. This article assumes you have **DefectDojo Community Edition** installed and running in your environment. + +The essence of DefectDojo is to import security data, organize it, and present it to the folks who need to know. Here are ways to achieve those things in DefectDojo Open-Source: + +### DefectDojo Open-Source + +1. Open-Source users can start by creating their first [Product Type and Product](/asset_modelling/hierarchy/product_hierarchy/). Once those are created, they can [import a file](/import_data/import_scan_files/os__import_scan_ui/) to one of those Products using the UI. + +2. Now that you have data in DefectDojo, consider expanding your Product layout [Product Hierarchy Overview](/asset_modelling/hierarchy/product_hierarchy/). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data up into logical categories. These categories can be used to apply access control rules, or to segment your reports to the correct team. + +3. Use the [Report Builder](/metrics_reports/reports/using_the_report_builder/#opening-the-report-builder) to summarize the data you've imported. Reports can be used to quickly share Findings with stakeholders such as Product Owners. + +This is the essence of DefectDojo - import security data, organize it, and present it to the folks who need to know. + +All of these features can be automated, and because DefectDojo can handle over 200 tools (at time of writing) you should be all set to create a functional security inventory of your entire organizational output. + +### Open-Source Features +- Does your organization use Jira? Learn how to use our [Jira integration](/issue_tracking/jira/jira_guide/) to create Jira tickets from the data you ingest. +- Are you expecting to share DefectDojo with many users in your organization? Check out our guides to [user management](/admin/user_management/about_perms_and_roles/) and set up role-based access control (RBAC). +- Ready to dive into automation? Learn how to use the [DefectDojo API](/import_data/import_scan_files/api_pipeline_modelling/) to automatically import new data, and build a robust CI/CD pipeline. \ No newline at end of file diff --git a/docs/content/get_started/about/PRO__new_user_checklist.md b/docs/content/get_started/about/PRO__new_user_checklist.md new file mode 100644 index 00000000000..bb321882b24 --- /dev/null +++ b/docs/content/get_started/about/PRO__new_user_checklist.md @@ -0,0 +1,26 @@ +--- +title: "☑️ New User Checklist" +description: "Get Started With DefectDojo" +draft: "false" +weight: 3 +audience: pro +--- + +The essence of DefectDojo is to import security data, organize it, and present it to the folks who need to know. Here's a quick reference you can use to ensure successful implementation, from a blank canvas to a fully functional app. + +### Discover DefectDojo + +1. Start by [importing a file](/import_data/import_scan_files/pro__import_scan_ui/) using the UI. This is generally the quickest way to see how your data fits into the DefectDojo model. + +2. Now that you have data in DefectDojo, learn more about how to organize it with the [Product Hierarchy Overview](/asset_modelling/hierarchy/product_hierarchy/). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data into logical categories, apply access control rules, sort Findings by [Priority and Risk](/asset_modelling/hierarchy/pro__priority_sla/) or to segment your reports to the correct team. + +3. Check out your [Metrics pages](/metrics_reports/pro_metrics/pro__overview/) which can be used to quickly share Finding reports with key stakeholders. + +This is the essence of DefectDojo - import security data, organize it, and present it to the folks who need to know. + +All of these features can be automated, and because DefectDojo can handle over 200 tools (at time of writing) you should be all set to create a functional security inventory of your entire organizational output. + +### Pro Features +- If your organization uses Jira, ServiceNow, AzureDevops, GitHub or GitLab for issue tracking, check out our [documentation](/issue_tracking/intro/intro/) on those integrations. +- Customize your [main Dashboard](/metrics_reports/dashboards/introduction_dashboard/) with filtered tiles to view your environment at a glance. +- Learn how to rapidly import data and mirror your team's existing security environment with [Connectors](/import_data/pro/connectors/about_connectors/). diff --git a/docs/content/get_started/about/_index.md b/docs/content/get_started/about/_index.md new file mode 100644 index 00000000000..c6e4d60e318 --- /dev/null +++ b/docs/content/get_started/about/_index.md @@ -0,0 +1,5 @@ +--- +title: "About DefectDojo" +date: 2021-02-02T20:46:29+01:00 +weight: 1 +--- diff --git a/docs/content/en/about_defectdojo/about_docs.md b/docs/content/get_started/about/about_defectdojo.md similarity index 79% rename from docs/content/en/about_defectdojo/about_docs.md rename to docs/content/get_started/about/about_defectdojo.md index ddc1baf94d2..d86ae4c646a 100644 --- a/docs/content/en/about_defectdojo/about_docs.md +++ b/docs/content/get_started/about/about_defectdojo.md @@ -1,5 +1,5 @@ --- -title: "About Our Documentation" +title: "About DefectDojo" date: 2021-02-02T20:46:29+01:00 draft: false type: docs @@ -58,8 +58,8 @@ For teams managing a smaller volume of Findings, DefectDojo Open-Source is a gre There are a few supported ways to install DefectDojo’s Open-Source edition ([available on Github](https://github.com/DefectDojo/django-DefectDojo)): [Docker Compose](https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/DOCKER.md) is the easiest method to install the core program and services required to run DefectDojo. -Our [Architecture](https://docs.defectdojo.com/en/open_source/installation/architecture/) guide gives you an overview of each service and component used by DefectDojo. -[Running In Production](https://docs.defectdojo.com/en/open_source/installation/running-in-production/) lists system requirements, performance tweaks and maintenance processes for running DefectDojo on a production server (with Docker Compose). +Our [Architecture](https://docs.defectdojo.com/open_source/installation/architecture/) guide gives you an overview of each service and component used by DefectDojo. +[Running In Production](https://docs.defectdojo.com/open_source/installation/running-in-production/) lists system requirements, performance tweaks and maintenance processes for running DefectDojo on a production server (with Docker Compose). Kubernetes is not fully supported at the Open-Source level, but this guide can be referenced and used as a starting point to integrate DefectDojo into Kubernetes architecture. @@ -71,12 +71,12 @@ If you run into trouble with an Open-Source install, we highly recommend asking DefectDojo Inc. hosts a Pro edition of this software for commercial purposes. Along with a sleek, modern UI, DefectDojo Pro includes: -* [Connectors](/en/connecting_your_tools/connectors/about_connectors/): out-of-the-box API integrations with enterprise-level scanners (such as Checkmarx One, BurpSuite, Semgrep and more) -* **Configurable Import Methods**: [Universal Parser](/supported_tools/parsers/universal_parser/), [Smart Upload](/en/connecting_your_tools/import_scan_files/smart_upload/) -* **[CLI Tools](/en/connecting_your_tools/external_tools/)** for rapid integration with your systems -* **[Additional Project Tracking Integrations](/en/share_your_findings/integrations/)**: ServiceNow, Azure DevOps, GitHub and GitLab -* **[Improved Metrics](/en/customize_dojo/dashboards/pro_dashboards/)** for executive reporting and high-level analysis -* **[Priority And Risk](/en/working_with_findings/finding_priority/)** to identify the Findings of highest urgency, system-wide +* [Connectors](/import_data/pro/connectors/about_connectors/): out-of-the-box API integrations with enterprise-level scanners (such as Checkmarx One, BurpSuite, Semgrep and more) +* **Configurable Import Methods**: [Universal Parser](/supported_tools/parsers/universal_parser/), [Smart Upload](/import_data/pro/specialized_import/smart_upload/) +* **[CLI Tools](/import_data/pro/specialized_import/external_tools/)** for rapid integration with your systems +* **[Additional Project Tracking Integrations](/issue_tracking/intro/intro/)**: ServiceNow, Azure DevOps, GitHub and GitLab +* **[Improved Metrics](/metrics_reports/pro_metrics/pro__overview/)** for executive reporting and high-level analysis +* **[Priority And Risk](/asset_modelling/hierarchy/pro__priority_sla/)** to identify the Findings of highest urgency, system-wide * **Premium Support** and implementation guidance for your organization The Pro edition is available as a cloud-hosted SaaS offering, and is also available for installation on-premises. @@ -105,8 +105,7 @@ A running example of DefectDojo Pro is available at Whether you’re a Pro or an Open-Source user, we have many resources to help you get started with DefectDojo. -* Our [New User Checklist](/en/about_defectdojo/new_user_checklist/) covers the fundamentals of setting up your DefectDojo environment and establishing your import, triage and reporting workflows. -* Review our supported [security tool integrations](/en/connecting_your_tools/parsers/) to help fit DefectDojo in your DevSecOps program. +* Review our supported [security tool integrations](/supported_tools/) to help fit DefectDojo in your DevSecOps program. * Our team maintains a [YouTube Channel](https://www.youtube.com/@defectdojo) which hosts tutorials, archived Office Hours events, and other content. ## Connect With Us diff --git a/docs/content/get_started/about/defectdojo_versions.md b/docs/content/get_started/about/defectdojo_versions.md new file mode 100644 index 00000000000..550dfa1eba0 --- /dev/null +++ b/docs/content/get_started/about/defectdojo_versions.md @@ -0,0 +1,30 @@ +--- +title: "Feature comparison" +date: 2021-02-02T20:46:29+01:00 +draft: false +type: docs +weight: 1 +--- + +**DefectDojo Open-Source** is a powerful, free vulnerability management platform with core importing, deduplication, basic dashboards, API access, and essential reporting — ideal for smaller teams or those wanting to self-host and extend the tool using community resources. + +**DefectDojo Pro** builds on that foundation with enterprise-oriented features such as advanced dashboards and reporting, automation and scripting via rules engine, connectors to many security tools, optimized import workflows, unified SOC & AppSec support, improved UI/UX, AI integration, enhanced security (SSO/MFA), and premium support options. + +| Feature / Capability | DefectDojo Open-Source | DefectDojo Pro | +|---------------------|------------------------|----------------| +| Core vulnerability management | ✔️ Import, track, and manage findings from 200+ security tools | ✔️ Everything in open-source, optimized for scale | +| Finding deduplication | ✔️ Standard deduplication | ✔️ Advanced, configurable deduplication | +| REST API | ✔️ Full REST API | ✔️ Full REST API | +| Authentication & access control | ✔️ Local auth and basic RBAC | ✔️ SSO (SAML/OAuth), MFA, advanced RBAC | +| User interface | ✔️ Community UI | ✔️ Modern Pro UI with performance improvements | +| Dashboards & reporting | ✔️ Basic dashboards and reports | ✔️ Advanced, customizable dashboards and executive reporting | +| Automation & workflows | ❌ Not included | ✔️ Rules Engine and automated workflows | +| Import enhancements | ❌ Standard imports only | ✔️ Background imports, Smart Upload, Universal Parser, CLI uploads | +| Tool integrations | ❌ Manual/API-driven | ✔️ Built-in **API Connectors** for popular AppSec and cloud tools | +| Jira integration | ✔️ Included | ✔️ Included | +| Project management integrations | ❌ Not included | ✔️ integrate with **Azure Devops**, **GitHub**, **GitLab** and **ServiceNow** | +| Finding enhancements | ❌ Not included | ✔️ Automatic KEV, EPSS scoring and Ransomware tracking | +| SOC & AppSec unification | ❌ AppSec-focused only | ✔️ Unified AppSec and SOC findings | +| AI & next-generation features | ❌ Not included | ✔️ AI-assisted workflows, reporting and MCP support | +| Support | Community support (GitHub, Slack, forums) | Commercial support with SLAs | +| Hosting options | Self-hosted | Self-hosted or cloud-hosted | \ No newline at end of file diff --git a/docs/content/get_started/about/demo.md b/docs/content/get_started/about/demo.md new file mode 100644 index 00000000000..4f945ff5905 --- /dev/null +++ b/docs/content/get_started/about/demo.md @@ -0,0 +1,20 @@ +--- +title: "Online Demo" +description: "There is DefectDojo demo site running the latest officially released version" +draft: false +weight: 6 +--- + +Two online demos are available for DefectDojo. Both come pre-loaded with data and are fully functional, running the latest version of DefectDojo. + +Demo servers are reset on a daily basis, and are publicly accessible; do not put sensitive data in the demo. + +### 🔸 DefectDojo Pro Demo +DefectDojo Pro can be tested at [pro.demo.defectdojo.org](https://pro.demo.defectdojo.org) + +Log in with `admin / 1Defectdojo@demo#appsec`. + +### 🔹 DefectDojo Community Edition Demo +Our community edition can be tested at [demo.defectdojo.org](https://demo.defectdojo.org) + +Log in with `admin / 1Defectdojo@demo#appsec`. diff --git a/docs/content/en/about_defectdojo/faq.md b/docs/content/get_started/about/faq.md similarity index 55% rename from docs/content/en/about_defectdojo/faq.md rename to docs/content/get_started/about/faq.md index f94ebceab3d..4f668222763 100644 --- a/docs/content/en/about_defectdojo/faq.md +++ b/docs/content/get_started/about/faq.md @@ -12,7 +12,7 @@ Here are some frequently asked questions about working with DefectDojo - both in ### How should I organize my security testing in DefectDojo? -While DefectDojo can support any security or testing environment, everyone’s security team and operations look different, so there’s no one-size-fits-all approach to using it. We have a very detailed article on [common use cases](/en/about_defectdojo/examples_of_use) that has examples of how different organizations apply RBAC and the DefectDojo data model to support their needs. +While DefectDojo can support any security or testing environment, everyone’s security team and operations look different, so there’s no one-size-fits-all approach to using it. We have a very detailed article on [common use cases](/get_started/common_use_cases/common_use_cases/) that has examples of how different organizations apply RBAC and the DefectDojo data model to support their needs. ### What are the recommended workflows for security testing in DefectDojo? @@ -20,9 +20,9 @@ DefectDojo is meant to be the central source of truth for your organization's se - Allowing users to identify duplicate findings across scans and tools, minimizing alert fatigue. - Enforcing SLAs on vulnerabilities, ensuring that your organization handles each Finding within an appropriate timeframe. -- Sending tickets to [Jira](/en/share_your_findings/jira_guide/), ServiceNow or other Project Tracking software, allowing your development team to integrate issue remediation into their standard release process without requiring them to learn another project management tool. -- Integrating into automated [CI/CD pipelines](/en/connecting_your_tools/import_scan_files/api_pipeline_modelling/) to automatically ingest report data from repositories, even down to the branch level. -- Creating [reports](/en/share_your_findings/pro_reports/using_the_report_builder/) on any set of vulnerabilities or software context, to quickly share scan results or status updates with stakeholders. +- Sending tickets to [Jira](/issue_tracking/jira/jira_guide/), ServiceNow or other Project Tracking software, allowing your development team to integrate issue remediation into their standard release process without requiring them to learn another project management tool. +- Integrating into automated [CI/CD pipelines](/import_data/import_scan_files/api_pipeline_modelling/) to automatically ingest report data from repositories, even down to the branch level. +- Creating [reports](/metrics_reports/reports/using_the_report_builder/) on any set of vulnerabilities or software context, to quickly share scan results or status updates with stakeholders. - Establishing acceptance and mitigation workflows, supporting formal risk-management tracking. @@ -32,36 +32,34 @@ DefectDojo is designed to support and standardize your current security workflow DefectDojo Pro expands on the above workflows further, adding: -- An [improved UI](/en/about_defectdojo/ui_pro_vs_os/) designed for speed and efficiency when navigating through enterprise-level data volumes. It also includes a dark mode. -- The ability to [pre-triage your Findings](/en/working_with_findings/finding_priority/) by Priority and Risk, allowing your team to identify and fix your most critical issues first. -- A [Rules Engine](/en/customize_dojo/rules_engine/) to script automated bulk actions and build custom workflows to handle Findings and other objects, no programming experience required. -- [Enhanced report and metrics generation capabilities](/en/about_defectdojo/ui_pro_vs_os/#new-dashboards) to easily share the security posture of your apps and repos. -- [Advanced deduplication settings](/en/working_with_findings/finding_deduplication/tune_deduplication/) to fine-tune how DefectDojo identifies and manages duplicate findings. +- An [improved UI](/get_started/about/ui_pro_vs_os/) designed for speed and efficiency when navigating through enterprise-level data volumes. It also includes a dark mode. +- The ability to [pre-triage your Findings](/asset_modelling/hierarchy/pro__priority_sla/) by Priority and Risk, allowing your team to identify and fix your most critical issues first. +- A [Rules Engine](/automation/rules_engine/about) to script automated bulk actions and build custom workflows to handle Findings and other objects, no programming experience required. +- [Enhanced report and metrics generation capabilities](/get_started/about/ui_pro_vs_os/#new-dashboards) to easily share the security posture of your apps and repos. +- [Advanced deduplication settings](/triage_findings/finding_deduplication/pro__deduplication_tuning/) to fine-tune how DefectDojo identifies and manages duplicate findings. - Streamlined import capabilities, such as: - An optimized upload method which processes Findings in the background. - - The ability to quickly build a [command-line pipeline](/en/connecting_your_tools/external_tools/) using our Universal Importer and DefectDojo CLI apps, allowing you to easily import, reimport, and export data to your DefectDojo Pro instance. - - A [Universal Parser](/en/connecting_your_tools/parsers/universal_parser/) to turn any .json or .csv report into an actional set of Findings and have DefectDojo Pro will parse the data however you like. - - [Connectors](/en/connecting_your_tools/connectors/about_connectors/), which provide an instant connection to supported tools to import new Finding data so you can get an automated Import pipeline established without the need to set up any API calls or cron jobs. - -Further information regarding DefectDojo Pro’s capabilities can be found [here](/en/about_defectdojo/pro_features/). + - The ability to quickly build a [command-line pipeline](/import_data/pro/specialized_import/external_tools/) using our Universal Importer and DefectDojo CLI apps, allowing you to easily import, reimport, and export data to your DefectDojo Pro instance. + - A [Universal Parser](/import_data/pro/specialized_import/universal_parser/) to turn any .json or .csv report into an actional set of Findings and have DefectDojo Pro will parse the data however you like. + - [Connectors](/import_data/pro/connectors/about_connectors/), which provide an instant connection to supported tools to import new Finding data so you can get an automated Import pipeline established without the need to set up any API calls or cron jobs. ### How does DefectDojo handle access control? -DefectDojo can be used by large teams, and setting up [RBAC (Rule Based Access Control)](/en/customize_dojo/user_management/about_perms_and_roles/) is highly recommended, both to properly establish context for each team member, and to control access to certain parts of Infrastructure. +DefectDojo can be used by large teams, and setting up [RBAC (Rule Based Access Control)](/admin/user_management/about_perms_and_roles/) is highly recommended, both to properly establish context for each team member, and to control access to certain parts of Infrastructure. -Role and permission assignment generally happens at the Product Type / Product level. Each team member can be assigned to one or more Products or Product Types, and can be given a role which governs how they can interact with the vulnerability data within (read only, read-write, or full control). For more information, see our [RBAC guide](/en/customize_dojo/user_management/about_perms_and_roles/). +Role and permission assignment generally happens at the Product Type / Product level. Each team member can be assigned to one or more Products or Product Types, and can be given a role which governs how they can interact with the vulnerability data within (read only, read-write, or full control). For more information, see our [RBAC guide](/admin/user_management/about_perms_and_roles/). ### How does DefectDojo handle access control for a team of users? -Whether you’re a one-person security team for a small organization or a CISO overseeing a swath of software projects,you can easily organize [Role-Based Access Control (RBAC)](/en/customize_dojo/user_management/about_perms_and_roles/) in order to properly establish context for each team member and control access to certain parts of Infrastructure. +Whether you’re a one-person security team for a small organization or a CISO overseeing a swath of software projects,you can easily organize [Role-Based Access Control (RBAC)](/admin/user_management/about_perms_and_roles/) in order to properly establish context for each team member and control access to certain parts of Infrastructure. -Generally, role and permission assignment happens at the [Product Type/Product level](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/). Each team member can be given a role pertaining to one or more Products or Product Types that governs how they can interact with the vulnerability data within (e.g., read only, read-write, or full control). +Generally, role and permission assignment happens at the [Product Type/Product level](/asset_modelling/hierarchy/product_hierarchy/). Each team member can be given a role pertaining to one or more Products or Product Types that governs how they can interact with the vulnerability data within (e.g., read only, read-write, or full control). ## Import Workflows ### What tools are supported by DefectDojo? -DefectDojo supports reports from [over 200](/en/connecting_your_tools/parsers/) commercial and open-source security security tools. +DefectDojo supports reports from [over 200](/supported_tools/) commercial and open-source security security tools. If you're looking to add a new tool to your suite, we have a list of recommended Open-Source tools which you can check out [here](https://defectdojo.com/blog/announcing-the-defectdojo-open-source-security-awards). @@ -69,8 +67,8 @@ If you're looking to add a new tool to your suite, we have a list of recommended There are two different methods to import a single report from a security tool: -- **[Import](/en/connecting_your_tools/import_scan_files/import_scan_ui/)** handles the report as a single point-in-time record. Importing a report creates a Test containing the resulting Findings. -- **[Reimport](/en/connecting_your_tools/import_scan_files/using_reimport/)** is used to update an existing Test with a new set of results. If you have a more open-ended approach to your testing process, you can continuously Reimport the latest version of your report to an existing Test. DefectDojo will compare the results of the incoming report to your existing data, record any changes, and then adjust the Findings in the Test to match the latest report. +- **Import** handles the report as a single point-in-time record. Importing a report creates a Test containing the resulting Findings. +- **[Reimport](/import_data/import_intro/import_vs_reimport/)** is used to update an existing Test with a new set of results. If you have a more open-ended approach to your testing process, you can continuously Reimport the latest version of your report to an existing Test. DefectDojo will compare the results of the incoming report to your existing data, record any changes, and then adjust the Findings in the Test to match the latest report. To understand the difference, it’s helpful to think of Import as recording a single instance of a scan event, and Reimport as updating a continual record of scanning. @@ -82,11 +80,11 @@ Generally speaking, if a point-in-time report is what you need, Import is the be ### How can I troubleshoot Import errors? -DefectDojo supports a wide variety of tools. If you’re seeing inconsistent behavior when importing a report, we recommend checking if the file structure matches what the tool is expecting. See our [Parser List](/en/connecting_your_tools/parsers/) to confirm that your tool is supported, and check to make sure that the file format matches what the tool expects. You can also compare the structure to our Unit Tests. +DefectDojo supports a wide variety of tools. If you’re seeing inconsistent behavior when importing a report, we recommend checking if the file structure matches what the tool is expecting. See our [Parser List](/supported_tools/) to confirm that your tool is supported, and check to make sure that the file format matches what the tool expects. You can also compare the structure to our Unit Tests. DefectDojo Pro has a Universal Parser import method which allows you to handle any JSON, CSV or XML file. DefectDojo OS users can write custom parsers for the same purpose. -Finally, third-party report formats have been known to change without warning: Our OS community greatly appreciates [PRs and contributions](/en/open_source/contributing/how-to-write-a-parser/) to keep our parsers up to date. +Finally, third-party report formats have been known to change without warning: Our OS community greatly appreciates [PRs and contributions](/open_source/contributing/how-to-write-a-parser/) to keep our parsers up to date. ### How should I handle large scan files? @@ -98,9 +96,9 @@ DefectDojo Pro can process reports in the background. However, files still need ### How do I connect a CI/CD pipeline to DefectDojo? -Many of DefectDojo's core features can be completely automated. CI/CD (or any kind of automated import) can be handled by calling the [DefectDojo REST API](/en/connecting_your_tools/import_scan_files/api_pipeline_modelling/). +Many of DefectDojo's core features can be completely automated. CI/CD (or any kind of automated import) can be handled by calling the [DefectDojo REST API](/import_data/import_scan_files/api_pipeline_modelling/). -**DefectDojo Pro** users also have access to the **Universal Importer / DefectDojo CLI** [command-line tools](/en/connecting_your_tools/external_tools/), which can be installed to run in many automated environments. +**DefectDojo Pro** users also have access to the **Universal Importer / DefectDojo CLI** [command-line tools](/import_data/pro/specialized_import/external_tools/), which can be installed to run in many automated environments. ## Finding Management @@ -108,14 +106,14 @@ Many of DefectDojo's core features can be completely automated. CI/CD (or any k Findings can have many statuses. A status of Active or Inactive is always set on a Finding, while other statuses such as Verified, False Positive, or Out Of Scope can be applied at your discretion. -These statuses are described in more detail in our [Finding Status Definitions](/en/working_with_findings/findings_workflows/finding_status_definitions/) guide, along with information about how they can be used. +These statuses are described in more detail in our [Finding Status Definitions](/triage_findings/findings_workflows/finding_status_definitions/) guide, along with information about how they can be used. ### How can I delete Findings from DefectDojo? Generally speaking, we recommend retaining Closed Findings as ‘Inactive’ rather than deleting them outright, as it’s important to maintain historical records in AppSec work. Deleting a Finding will remove all notes and metric-tracking from that Finding outright, which can lead to inaccurate reports or an incomplete archive. Findings from DefectDojo can be deleted in a few ways: -- By running a [Bulk Delete](/en/working_with_findings/findings_workflows/editing_findings/#bulk-delete-findings) action on the Findings that you want to delete +- By running a [Bulk Delete](/triage_findings/findings_workflows/editing_findings/#bulk-delete-findings) action on the Findings that you want to delete - By calling `DELETE /findings/{id}` through the API - By deleting a parent object, such as a Test, Engagement, Product Type or Product. - Note that subclasses are not preserved independently of their parent object: Deleting a parent object such as a Product Type will delete any Products, Engagements, Tests, Findings, and Endpoints within the Product Type. Conversely, deleting an Engagement will preserve the Products, and Product Types that precede it. @@ -124,12 +122,12 @@ Findings from DefectDojo can be deleted in a few ways: ### How can I generate a report in DefectDojo? -You can quickly create a customized report in DefectDojo using the [Report Builder](/en/share_your_findings/pro_reports/using_the_report_builder/). +You can quickly create a customized report in DefectDojo using the [Report Builder](/metrics_reports/reports/using_the_report_builder/). -DefectDojo Pro users also have access to [executive-level Metrics dashboards](/en/about_defectdojo/ui_pro_vs_os/#new-dashboards) that can report on Product Types, Products or other data in real-time. +DefectDojo Pro users also have access to [executive-level Metrics dashboards](/get_started/about/ui_pro_vs_os/#new-dashboards) that can report on Product Types, Products or other data in real-time. ### How can I integrate a project management tool with DefectDojo? -In both Pro and Open-Source editions of DefectDojo, Findings in DefectDojo can be pushed to Jira as Issues, which allows you to integrate issue remediation with your development team. We have a [complete guide to Jira](/en/share_your_findings/jira_guide/) written which describes the process in detail. +In both Pro and Open-Source editions of DefectDojo, Findings in DefectDojo can be pushed to Jira as Issues, which allows you to integrate issue remediation with your development team. We have a [complete guide to Jira](/issue_tracking/jira/jira_guide/) written which describes the process in detail. -DefectDojo Pro adds support for [Additional Project Tracking Integrations](/en/share_your_findings/integrations/)**: ServiceNow, Azure DevOps, GitHub and GitLab. \ No newline at end of file +DefectDojo Pro adds support for [Additional Project Tracking Integrations](/issue_tracking/intro/intro/)**: ServiceNow, Azure DevOps, GitHub and GitLab. \ No newline at end of file diff --git a/docs/content/en/about_defectdojo/ui_pro_vs_os.md b/docs/content/get_started/about/ui_pro_vs_os.md similarity index 64% rename from docs/content/en/about_defectdojo/ui_pro_vs_os.md rename to docs/content/get_started/about/ui_pro_vs_os.md index 99378ee987b..93bb7204886 100644 --- a/docs/content/en/about_defectdojo/ui_pro_vs_os.md +++ b/docs/content/get_started/about/ui_pro_vs_os.md @@ -3,7 +3,7 @@ title: "🎨 Pro UI Changes" description: "Working with different UIs in DefectDojo" draft: "false" weight: 5 -pro-feature: true +audience: pro --- In late 2023, DefectDojo Inc. released a new UI for DefectDojo Pro, which is now the default UI for this edition. @@ -12,7 +12,7 @@ The Pro UI brings the following enhancements to DefectDojo: - Modern and sleek design using Vue.js. - Optimized data delivery and load times, especially for large datasets. -- Access to new Pro features, including [API Connectors](/en/connecting_your_tools/connectors/about_connectors/), [Universal Importer](/en/connecting_your_tools/external_tools/), and [Pro Metrics](https://docs.defectdojo.com/en/customize_dojo/dashboards/pro_dashboards/) views. +- Access to new Pro features, including [API Connectors](/import_data/pro/connectors/about_connectors/), [Universal Importer](/import_data/pro/specialized_import/external_tools/), and [Pro Metrics](https://docs.defectdojo.com/metrics_reports/pro_metrics/pro__overview/) views. - Improved UI workflows: better filtering, dashboards, and navigation. ## Switching To The Pro UI @@ -27,17 +27,17 @@ To access the Pro UI, open your User Options menu from the top-right hand corner 1. The **Sidebar** has been reorganized into four parent categories: Dashboards, Import, Manage, and Settings. -2. The Homepage, [AI-powered native API connection capabilities](/en/ai/mcp_server_pro/), Pro Metrics, and the Calendar view are all accessible under Dashboards. +2. The Homepage, [AI-powered native API connection capabilities](/metrics_reports/ai/mcp_server_pro/), Pro Metrics, and the Calendar view are all accessible under Dashboards. -4. Import methods can be found in the Import section: set up [API Connectors](/en/connecting_your_tools/connectors/about_connectors/), use the [Import Scan](/en/connecting_your_tools/import_scan_files/import_scan_ui/) form to Add Findings, use [Smart Upload](/en/connecting_your_tools/import_scan_files/smart_upload/) to handle infrastructure scanning tools, or use our external tools—[Universal Importer and DefectDojo CLI](/en/connecting_your_tools/external_tools/)—to streamline both the import and reimport processes of Findings and associated objects. +4. Import methods can be found in the Import section: set up [API Connectors](/import_data/pro/connectors/about_connectors/), use the [Add Findings](/import_data/import_scan_files/pro__import_scan_ui/) form to Add Findings, use [Smart Upload](/import_data/pro/specialized_import/smart_upload/) to handle infrastructure scanning tools, or use our external tools—[Universal Importer and DefectDojo CLI](/import_data/pro/specialized_import/external_tools/)—to streamline both the import and reimport processes of Findings and associated objects. -5. The **Manage** section allows you to view different objects in the [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/), with views for Product Types, Products, Engagements, Tests, Findings, Risk Acceptances, Endpoints, and Components. There are additional sections for generating reports (Report Builder), using surveys (Surveys), as well as a [Rules Engine](/en/customize_dojo/rules_engine/). +5. The **Manage** section allows you to view different objects in the [Product Hierarchy](/asset_modelling/hierarchy/product_hierarchy/), with views for Product Types, Products, Engagements, Tests, Findings, Risk Acceptances, Endpoints, and Components. There are additional sections for generating reports (Report Builder), using surveys (Surveys), as well as a [Rules Engine](/automation/rules_engine/about/). 5. The **Settings** section allows you to configure your DefectDojo instance, including your Integrations, License, Cloud Settings, Users, Feature Configuration and admin-level Enterprise Settings. 6. The **Pro Settings** section contains the System Settings, Banner Settings, Notification Settings, Jira Instances, Deduplication Settings, and Authentication Settings, including SAML, OIDC, OAuth, Login, and MFA forms. -7. The Pro UI also has a **new table format**, used in the [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/) to help with navigation. Each column can be clicked on to apply a relevant filter, and columns can be reordered to present data however you like. +7. The Pro UI also has a **new table format**, used in the [Product Hierarchy](/asset_modelling/hierarchy/product_hierarchy/) to help with navigation. Each column can be clicked on to apply a relevant filter, and columns can be reordered to present data however you like. 8. The table also has a **"Toggle Columns"** menu which can add or remove columns from the table. diff --git a/docs/content/get_started/common_use_cases/_index.md b/docs/content/get_started/common_use_cases/_index.md new file mode 100644 index 00000000000..d5fc6b6ba1e --- /dev/null +++ b/docs/content/get_started/common_use_cases/_index.md @@ -0,0 +1,5 @@ +--- +title: "Common Use Cases" +date: 2021-02-02T20:46:29+01:00 +weight: 8 +--- diff --git a/docs/content/en/about_defectdojo/examples_of_use.md b/docs/content/get_started/common_use_cases/common_use_cases.md similarity index 90% rename from docs/content/en/about_defectdojo/examples_of_use.md rename to docs/content/get_started/common_use_cases/common_use_cases.md index 450d28304b7..de2d3c143e5 100644 --- a/docs/content/en/about_defectdojo/examples_of_use.md +++ b/docs/content/get_started/common_use_cases/common_use_cases.md @@ -1,5 +1,5 @@ --- -title: "💡 Common Use Cases" +title: "Common Use Cases" description: "Use Cases and examples" draft: "false" weight: 2 @@ -15,7 +15,6 @@ DefectDojo is designed to handle any security implementation, no matter your sec ### Large Enterprise: RBAC and Engagements - ‘BigCorp’ is a large multinational enterprise, with a Chief Information Security Officer (CISO) and a centralized IT security group that includes AppSec. Security at BigCorp is highly centralized. Certain things are delegated out to Business Information Security Officers (BISO). @@ -38,14 +37,14 @@ Each of these report categories can be handled by a separate Engagement, with a ![image](images/example_product_hierarchy_bigcorp.png) - If a Product has a CI/CD pipeline, all of the results from that pipeline can be continually imported into a single open-ended Engagement. Each tool used will create a separate Test within the CI/CD Engagement, which can be continuously updated with new data. -(See our guide to [Reimport](/en/connecting_your_tools/import_scan_files/using_reimport/)) +(See our guide to [Reimport](/import_data/import_intro/import_vs_reimport/)) - Each Pen Test effort can have a separate Engagement created to contain all of the results: e.g. "Q1 Pen Test 2024," "Q2 Pen Test 2024," etc. - BigCorp will likely want to run their own mock PCI audit so that they're prepared for the real thing. The results of those audits can also be stored as a separate Engagement. #### RBAC Model - Each BISO has Reader access assigned for each business unit (Product Type) that they're in charge of. -- Each Product Owner has Writer access for the Product that they're in charge of. Within their Product, Product Owners can interact with DefectDojo by keeping notes, setting up [CI/CD pipelines](/en/connecting_your_tools/import_scan_files/api_pipeline_modelling/), creating Risk Acceptances and using other features. +- Each Product Owner has Writer access for the Product that they're in charge of. Within their Product, Product Owners can interact with DefectDojo by keeping notes, setting up [CI/CD pipelines](/import_data/import_scan_files/api_pipeline_modelling/), creating Risk Acceptances and using other features. - Developers at BigCorp have no access to DefectDojo at all, and they don't need it. The Product Owner can push Jira tickets directly from DefectDojo which contain all of the relevant vulnerability information. The developers are already using Jira, so they don't have to track remediation any differently than a different development task. ### Embedded Systems: Version-Controlled Reporting @@ -100,13 +99,13 @@ Key Concerns for Kate's Cloud Service: #### Tagging Shared Services -Because Kate's model contains many shared services that can impact other Products, the team [Tags](/en/working_with_findings/organizing_engagements_tests/tagging_objects/) their Products to indicate which cloud offerings rely on those services. This allows any issues with shared services to be filtered across Products and reported to the relevant teams. Each of these shared services are in a single Product Type that separates them from the main cloud offerings. +Because Kate's model contains many shared services that can impact other Products, the team [Tags](/asset_modelling/tags/tagging_objects/) their Products to indicate which cloud offerings rely on those services. This allows any issues with shared services to be filtered across Products and reported to the relevant teams. Each of these shared services are in a single Product Type that separates them from the main cloud offerings. ![image](images/example_product_hierarchy_microservices.png) Because the company is rapidly growing and tech leads are changing frequently, Kate can use Tags to track which tech lead is currently responsible for each cloud product, avoiding the need for constant manual updates to their DefectDojo system. These tech lead associations are tracked by a service that’s external to DefectDojo and can govern the import pipelines or call the DefectDojo API. -For more information on Tagging, see our guide to [Tags](/en/working_with_findings/organizing_engagements_tests/tagging_objects/). +For more information on Tagging, see our guide to [Tags](/asset_modelling/tags/tagging_objects/). #### RBAC Model @@ -140,7 +139,7 @@ To assist with onboarding new applications, SaaSy software has a standard approa Each of these Products is further subdivided into Engagements, one for the main branch and one for each branch of development. Tests within these Engagements are used to categorize the testing efforts. Development branches have separate Tests which store the results of CI/CD and SCA scans. The Main branch has those as well, but also adds Tests which store Manual Code Review and Threat Model reports. -All of these Tests are open-ended and can be updated on a regular basis using Reimport. [Deduplication](/en/working_with_findings/finding_deduplication/about_deduplication/) is only handled at the Engagement level, which prevents Findings in one Code branch from closing Findings in another. +All of these Tests are open-ended and can be updated on a regular basis using Reimport. [Deduplication](/triage_findings/finding_deduplication/about_deduplication/) is only handled at the Engagement level, which prevents Findings in one Code branch from closing Findings in another. By applying this model consistently, SaaSy has a model that they can apply to any new software acquisition, and the AppSec team can quickly begin monitoring the data to ensure compliance. diff --git a/docs/content/get_started/open_source/_index.md b/docs/content/get_started/open_source/_index.md new file mode 100644 index 00000000000..c2a35d75419 --- /dev/null +++ b/docs/content/get_started/open_source/_index.md @@ -0,0 +1,6 @@ +--- +title: "🔹 DefectDojo Community Edition" +date: 2021-02-02T20:46:29+01:00 +weight: 3 +audience: opensource +--- diff --git a/docs/content/en/open_source/installation/architecture.md b/docs/content/get_started/open_source/architecture.md similarity index 96% rename from docs/content/en/open_source/installation/architecture.md rename to docs/content/get_started/open_source/architecture.md index d3085609844..e34e29d089c 100644 --- a/docs/content/en/open_source/installation/architecture.md +++ b/docs/content/get_started/open_source/architecture.md @@ -1,8 +1,9 @@ --- -title: "Architecture (Open-Source)" +title: "System Architecture" description: "The DefectDojo platform consists of several components that work together closely." draft: false weight: 1 +audience: opensource --- ![image](images/dd-architecture.png) diff --git a/docs/content/en/open_source/installation/configuration.md b/docs/content/get_started/open_source/configuration.md similarity index 98% rename from docs/content/en/open_source/installation/configuration.md rename to docs/content/get_started/open_source/configuration.md index a06d3fe02be..e97709392e4 100644 --- a/docs/content/en/open_source/installation/configuration.md +++ b/docs/content/get_started/open_source/configuration.md @@ -1,8 +1,9 @@ --- -title: "Configuration (Open Source)" +title: "Configuration" description: "DefectDojo is highly configurable." draft: false -weight: 3 +weight: 2 +audience: opensource --- ## dojo/settings/settings.dist.py diff --git a/docs/content/en/open_source/installation/installation.md b/docs/content/get_started/open_source/installation.md similarity index 93% rename from docs/content/en/open_source/installation/installation.md rename to docs/content/get_started/open_source/installation.md index 76345a3801d..105ac4f119a 100644 --- a/docs/content/en/open_source/installation/installation.md +++ b/docs/content/get_started/open_source/installation.md @@ -1,8 +1,9 @@ --- -title: "Installation (Open-Source)" +title: "Installation" description: "DefectDojo supports various installation options." draft: false -weight: 2 +weight: 1 +audience: opensource --- ## **Recommended Options** diff --git a/docs/content/en/open_source/installation/running-in-production.md b/docs/content/get_started/open_source/running-in-production.md similarity index 98% rename from docs/content/en/open_source/installation/running-in-production.md rename to docs/content/get_started/open_source/running-in-production.md index 30404e74046..ef96670d11b 100644 --- a/docs/content/en/open_source/installation/running-in-production.md +++ b/docs/content/get_started/open_source/running-in-production.md @@ -1,8 +1,9 @@ --- -title: "Running in Production (Open Source)" +title: "Running in Production" description: "For use in Production environments, performance tweaks and backups are recommended." draft: false weight: 4 +audience: opensource --- ## Production Use (with Docker compose) diff --git a/docs/content/get_started/pro/cloud/_index.md b/docs/content/get_started/pro/cloud/_index.md new file mode 100644 index 00000000000..8cc4620d4a0 --- /dev/null +++ b/docs/content/get_started/pro/cloud/_index.md @@ -0,0 +1,7 @@ +--- +title: "🔸 DefectDojo Pro (Cloud)" +date: 2021-02-02T20:46:29+01:00 +weight: 3 +collapsed: true +audience: pro +--- diff --git a/docs/content/en/cloud_management/additional-cloud-instance.md b/docs/content/get_started/pro/cloud/additional-cloud-instance.md similarity index 99% rename from docs/content/en/cloud_management/additional-cloud-instance.md rename to docs/content/get_started/pro/cloud/additional-cloud-instance.md index df9d5785564..806fc9cb9b2 100644 --- a/docs/content/en/cloud_management/additional-cloud-instance.md +++ b/docs/content/get_started/pro/cloud/additional-cloud-instance.md @@ -1,7 +1,8 @@ --- title: "Set up an additional Cloud instance" description: "Add a test, dev, or other DefectDojo instance to your account" -weight: 2 +weight: 3 +audience: pro --- The process for adding a second Cloud instance is more or less the same as adding your first instance. This guide assumes you've already set up your initial DefectDojo server, and have an agreement with our Sales team to add another instance. diff --git a/docs/content/en/cloud_management/connectivity-troubleshooting.md b/docs/content/get_started/pro/cloud/connectivity-troubleshooting.md similarity index 99% rename from docs/content/en/cloud_management/connectivity-troubleshooting.md rename to docs/content/get_started/pro/cloud/connectivity-troubleshooting.md index 03d423785e4..ed38ce94939 100644 --- a/docs/content/en/cloud_management/connectivity-troubleshooting.md +++ b/docs/content/get_started/pro/cloud/connectivity-troubleshooting.md @@ -2,6 +2,7 @@ title: "Connectivity Troubleshooting" description: "Reconnect to your DefectDojo Instance" weight: 2 +audience: pro --- If you have difficulty accessing your DefectDojo instance, here are some steps you can follow to get reconnected: diff --git a/docs/content/en/cloud_management/using-cloud-manager.md b/docs/content/get_started/pro/cloud/using-cloud-manager.md similarity index 96% rename from docs/content/en/cloud_management/using-cloud-manager.md rename to docs/content/get_started/pro/cloud/using-cloud-manager.md index 575505bba50..73fe4eca735 100644 --- a/docs/content/en/cloud_management/using-cloud-manager.md +++ b/docs/content/get_started/pro/cloud/using-cloud-manager.md @@ -2,6 +2,8 @@ title: "Using the Cloud Manager" description: "Manage your subscription and account settings" weight: 1 +collapsed: true +audience: pro --- Logging into DefectDojo's Cloud Manager allows you to configure your account settings and manage your subscription with DefectDojo Cloud. @@ -43,7 +45,7 @@ The Resources page contains a Contact Us form, which you can use to get in touch ## Tools -The Tools page is one of the places where you can download external Pro tools, such as Universal Importer or DefectDojo CLI. These tools are external add-ons which can be used to quickly build a command-line import pipeline in your network. For more information about these tools, see the [External Tools](../../connecting_your_tools/external_tools/) documentation. +The Tools page is one of the places where you can download external Pro tools, such as Universal Importer or DefectDojo CLI. These tools are external add-ons which can be used to quickly build a command-line import pipeline in your network. For more information about these tools, see the [External Tools](/import_data/pro/specialized_import/external_tools/) documentation. ![image](images/using_the_cloud_manager_6.png) diff --git a/docs/content/get_started/pro/onprem/_index.md b/docs/content/get_started/pro/onprem/_index.md new file mode 100644 index 00000000000..bd18768e7f3 --- /dev/null +++ b/docs/content/get_started/pro/onprem/_index.md @@ -0,0 +1,6 @@ +--- +title: "🔸 DefectDojo Pro (On-Premise)" +date: 2021-02-02T20:46:29+01:00 +weight: 3 +audience: pro +--- \ No newline at end of file diff --git a/docs/content/get_started/pro/onprem/installation_options.md b/docs/content/get_started/pro/onprem/installation_options.md new file mode 100644 index 00000000000..cc4ae95cde1 --- /dev/null +++ b/docs/content/get_started/pro/onprem/installation_options.md @@ -0,0 +1,10 @@ +--- +title: "Self-Hosting DefectDojo Pro" +date: 2021-02-02T20:46:29+01:00 +weight: 4 +audience: pro +--- + +DefectDojo Pro can be fully self-hosted in your own environment, giving you complete control over your infrastructure, data, and security posture. This deployment option is ideal for organizations with strict compliance, data residency, or internal security requirements, while still delivering all the advanced capabilities of DefectDojo Pro. + +For more information about self-hosting DefectDojo Pro, contact us at [hello@defectdojo.com](mailto:hello@defectdojo.com). diff --git a/docs/content/en/about_defectdojo/pro_features.md b/docs/content/get_started/pro/pro_features.md similarity index 77% rename from docs/content/en/about_defectdojo/pro_features.md rename to docs/content/get_started/pro/pro_features.md index 46eaccb9f0d..afdacfb3e71 100644 --- a/docs/content/en/about_defectdojo/pro_features.md +++ b/docs/content/get_started/pro/pro_features.md @@ -5,6 +5,7 @@ draft: "false" weight: 4 chapter: true exclude_search: true +audience: pro --- Here is a list of DefectDojo Pro’s many additional features, along with links to documentation to see them in action: @@ -20,20 +21,20 @@ See our [Pro UI Guide](../ui_pro_vs_os) for more information. ### Assets/Organizations -DefectDojo Pro allows for improved organizational visualization for large lists of repositories or other business structures. See [Assets/Organizations documentation](/en/working_with_findings/organizing_engagements_tests/pro_assets_organizations/) for details. +DefectDojo Pro allows for improved organizational visualization for large lists of repositories or other business structures. See [Assets/Organizations documentation](/asset_modelling/hierarchy/pro__assets_organizations/) for details. ![image](images/asset_hierarchy_diagram.png) ### Finding Priority DefectDojo Pro can pre-triage your Findings by Priority and Risk, allowing your team to identify and fix your most critical issues first. -See our [Finding Priority Guide](/en/working_with_findings/finding_priority/) for more details. +See our [Finding Priority Guide](/asset_modelling/hierarchy/pro__priority_sla/) for more details. ### Rules Engine DefectDojo Pro's Rules Engine allows you to script automated bulk actions and build custom workflows to handle Findings and other objects, no programming experience required. -See our [Rules Engine Guide](/en/customize_dojo/rules_engine) for more info. +See our [Rules Engine Guide](/automation/rules_engine/about) for more info. ![image](images/rules_engine_4.png) @@ -43,13 +44,13 @@ Generate [instant reports and metrics](../ui_pro_vs_os/#new-dashboards) to share The graphics on the landing page can be exported as SVG files, and the data used to create the graphics can also be exported as a table. -Additionally, DefectDojo Pro includes several new [insights dashboards](/en/about_defectdojo/ui_pro_vs_os/#new-dashboards), offering enhanced metrics for various audiences of your security program. +Additionally, DefectDojo Pro includes several new [insights dashboards](/metrics_reports/pro_metrics/pro__overview/), offering enhanced metrics for various audiences of your security program. ### Deduplication Tuning Advanced Deduplication settings allow you to fine-tune how DefectDojo identifies and manages duplicate findings. Adjust same-tool, **cross-tool**, and reimport Deduplication for precision matching between all your chosen security tools and vulnerability findings. -See our [Deduplication Tuning Guide](/en/working_with_findings/finding_deduplication/tune_deduplication/) for more information. +See our [Deduplication Tuning Guide](/triage_findings/finding_deduplication/pro__deduplication_tuning/) for more information. ![image](images/deduplication_tuning.png) @@ -57,7 +58,7 @@ See our [Deduplication Tuning Guide](/en/working_with_findings/finding_deduplica ### More Import Options -DefectDojo Pro includes four additional import methods: [Universal Importer](/en/connecting_your_tools/external_tools/), [API Connectors](/en/connecting_your_tools/connectors/about_connectors/), [Universal Parser](/supported_tools/parsers/universal_parser/), and [Smart Upload](/en/connecting_your_tools/import_scan_files/smart_upload/). +DefectDojo Pro includes four additional import methods: [Universal Importer](/import_data/pro/specialized_import/external_tools/), [API Connectors](/import_data/pro/connectors/about_connectors/), [Universal Parser](/supported_tools/parsers/universal_parser/), and [Smart Upload](/import_data/pro/specialized_import/smart_upload/). ![image](images/pro_import_methods.png) @@ -70,13 +71,13 @@ For enterprise-level reports, DefectDojo Pro offers an optimized upload method w Quickly build a command-line pipeline to import, reimport, and export data to your DefectDojo Pro instance using our Universal Importer and DefectDojo-CLI apps; no API scripting necessary (available for Windows, Macintosh, or Linux). -See our [External Tools Guide](/en/connecting_your_tools/external_tools/) for more information. +See our [External Tools Guide](/import_data/pro/specialized_import/external_tools/) for more information. ### Connectors DefectDojo can instantly connect to enterprise-level scanning tools to import new Finding data, creating an automated Import pipeline that works out-of-the-box without the need to set up any API calls or cron jobs. -See our [Connectors Guide](/en/connecting_your_tools/connectors/about_connectors/) for more information. +See our [Connectors Guide](/import_data/pro/connectors/about_connectors/) for more information. ![image](images/add_edit_connectors_2.png) @@ -98,7 +99,7 @@ Supported tools for Connectors include: If you’re using an unsupported/customized scanning tool, or just wish that DefectDojo handled a report slightly differently, use DefectDojo Pro's Universal Parser to turn any .json or .csv report into an actionable set of Findings. Your parser will parse and map the data however you like. -See our [Universal Parser Guide](/en/connecting_your_tools/universal_parser/) for more information. +See our [Universal Parser Guide](/import_data/pro/specialized_import/universal_parser//) for more information. ![image](images/universal_parser_3.png) diff --git a/docs/content/en/about_defectdojo/request_a_trial.md b/docs/content/help/contact_sales.md similarity index 99% rename from docs/content/en/about_defectdojo/request_a_trial.md rename to docs/content/help/contact_sales.md index 18cc2094a93..310b262528e 100644 --- a/docs/content/en/about_defectdojo/request_a_trial.md +++ b/docs/content/help/contact_sales.md @@ -1,5 +1,5 @@ --- -title: "Request a DefectDojo Pro Trial" +title: "Contact Sales" description: "How to request and work with a trial of DefectDojo Cloud" draft: "false" weight: 6 diff --git a/docs/content/en/about_defectdojo/contact_defectdojo_support.md b/docs/content/help/contact_support.md similarity index 98% rename from docs/content/en/about_defectdojo/contact_defectdojo_support.md rename to docs/content/help/contact_support.md index 521c2c47c4a..02d8d8c8d9d 100644 --- a/docs/content/en/about_defectdojo/contact_defectdojo_support.md +++ b/docs/content/help/contact_support.md @@ -1,5 +1,5 @@ --- -title: "Get Support" +title: "Contact Support" description: "For Pro users: support@defectdojo.com + other options" draft: "false" pro-feature: true diff --git a/docs/content/help/glossary.md b/docs/content/help/glossary.md new file mode 100644 index 00000000000..45198c57f43 --- /dev/null +++ b/docs/content/help/glossary.md @@ -0,0 +1,75 @@ +--- +title: "Glossary" +weight: 1 +--- + +Below is a simple glossary to help understand DefectDojo's various capabilities, along with an indication of whether each defined feature is present/applicable in the Pro version of DefectDojo, the OS version, or both. + +## Product Hierarchy (Both) +The structural model used to organize security data within DefectDojo, consisting of Organizations → Assets → Engagements → Tests → Findings. +## Organization (Both) +A top-level hierarchical object that serves as the parent object of Assets in DefectDojo Pro. It provides a shared context for governance, access control, and reporting across all child Assets. +## Asset (Both) +A first-class object representing a deployable or logical system entity (e.g., application, host, environment) within Organizations. Assets support parent-child relationships and richer business metadata in the Pro version, but do not support parent-child relationships in the OS version. +### Asset Hierarchy (Pro) +A parent-child relationship model between Assets that enables inheritance of context and aggregation of Findings. +## Engagement (Both) +A scoped security activity representing a testing window, pipeline, or assessment context. +## Test (Both) +A single execution of a scanner or manual assessment within an Engagement. Tests store execution metadata and act as the ingestion point for Findings. +## Service (Both) +An optional sub-object used to attribute Findings to a specific component or interface within an Asset. Services are most useful in OS DefectDojo, as their functionality is replicated and enhanced by Asset Hierarchy in the Pro version. +## Finding (Both) +The most granular vulnerability object in DefectDojo's Product Hierarchy that represents a discrete security issue. +### Finding Status (Both) +The current lifecycle state of a Finding (e.g., Active, Verified, Inactive/Mitigated, Under Review, Risk Accepted, False Positive, Out Of Scope). Finding Status determines inclusion in metrics and dashboards. +### Finding Priority/Risk (Pro) +A calculated or derived value that represents remediation urgency by combining severity with contextual factors such as asset criticality or exploitability. Priority is distinct from raw severity and is used for risk-based decision-making. +### Finding Groups (Both) +A mechanism for grouping related Findings across Organizations, Assets, or tools. Finding Groups enable consolidated analysis and higher-level reporting. +## Endpoint (Both) +A network-reachable location (URL, IP, port) associated with a Finding. Endpoints provide technical exploit context. +## Import (Both) +The process of ingesting scan results or manual findings into DefectDojo, typically by uploading a file or submitting data via the API. During import, DefectDojo parses, normalizes, deduplicates, and associates findings with the appropriate Asset, Engagement, Test, and related objects. +## Reimport (Both) +The action of ingesting new scan results into an existing Test. Reimporting updates Finding states based on presence or absence in new data. +## Deduplication (Both) +The process of correlating incoming Findings with existing ones using hashes and matching logic, enabling historical tracking across scan executions. +## False Positive (Both) +A Finding state indicating the issue is invalid or non-exploitable. False positives are retained for auditability but excluded from risk calculations. +## Risk Acceptance (Both) +A workflow state indicating an acknowledged but unresolved Finding. Accepted risks remain visible but are excluded from SLA enforcement. +## Metadata (Both) +Key data attached to Tests or Findings, such as branch name or build ID, commonly supplied via CI/CD pipelines. +## CI/CD Integration (Both) +Automated ingestion of scan results during build or deployment workflows. Integrations typically rely on the API and importer framework. +## API (Both) +A RESTful interface used to programmatically manage DefectDojo objects. The API is the primary mechanism for automation and pipeline integration. +## Webhook (Pro) +An outbound HTTP callback triggered by specific events (e.g., Finding creation). Webhooks enable real-time integration with external systems. +## SLA Configuration (Pro) +Policy definitions that assign remediation deadlines based on severity or risk attributes. SLAs enable enforcement and performance measurement. +## User Role (Both) +A permission set defining allowed actions within DefectDojo. Roles enforce access control across Assets and Engagements. +## Universal Importer (Pro) +A flexible ingestion mechanism that allows scan data to be imported without a tool-specific importer. It relies on normalized field mapping rather than predefined scanner schemas. +## DefectDojo-CLI (Pro) +A command-line interface used to interact with DefectDojo programmatically. The CLI is commonly used in CI/CD pipelines to automate scan uploads and object management. +## API Connectors (Pro) +Prebuilt, managed integrations that connect DefectDojo with external platforms (e.g., ticketing, messaging, or DevOps tools). API Connectors reduce the need for custom scripting. +## Universal Parser (Pro) +A generalized parsing engine used by the Universal Importer to interpret incoming scan data. It applies consistent normalization and deduplication logic across unsupported formats. +## Smart Upload (Pro) +An intelligent ingestion workflow that automatically determines how scan results should be mapped to Assets or Engagements, reducing manual configuration during import. +## Executive Insights (Pro) +High-level, business-oriented analytics designed for leadership audiences, focusing on trends, exposure, and program health rather than individual Findings. +## Priority Insights (Pro) +Analytical views that surface the most critical risks based on priority scoring rather than severity alone, supporting risk-based remediation planning. +## Program Insights (Pro) +Metrics and visualizations that evaluate the effectiveness and maturity of a security program over time. Program Insights emphasize trends, coverage, and operational performance. +## Tool Insights (Pro) +Analytics focused on scanner performance, coverage, and contribution to Findings, helping teams optimize tool usage and reduce noise. +## Rules Engine (Pro) +A policy-driven automation system that applies conditional logic to Findings during ingestion or lifecycle events, automating severity changes, assignments, or workflows. +## Integrations (Both) +Connections between DefectDojo and external tools or platforms for data ingestion, notification, or workflow automation. Pro includes deeper, managed integrations beyond basic importers and API usage. diff --git a/docs/content/en/connecting_your_tools/_index.md b/docs/content/import_data/_index.md similarity index 100% rename from docs/content/en/connecting_your_tools/_index.md rename to docs/content/import_data/_index.md diff --git a/docs/content/en/cloud_management/_index.md b/docs/content/import_data/import_intro/_index.md similarity index 73% rename from docs/content/en/cloud_management/_index.md rename to docs/content/import_data/import_intro/_index.md index 6c620388cfc..1e3dadb4c45 100644 --- a/docs/content/en/cloud_management/_index.md +++ b/docs/content/import_data/import_intro/_index.md @@ -1,11 +1,11 @@ --- -title: "☁️ DefectDojo Cloud" -description: "Manage Your DefectDojo subscription" +title: "Introduction" +description: "Use DefectDojo's Import / Reimport to ingest data and build a pipeline" summary: "" date: 2023-09-07T16:06:50+02:00 lastmod: 2023-09-07T16:06:50+02:00 draft: false -weight: 6 +weight: 1 chapter: true seo: title: "" # custom title (optional) diff --git a/docs/content/en/connecting_your_tools/import_intro.md b/docs/content/import_data/import_intro/comparison.md similarity index 60% rename from docs/content/en/connecting_your_tools/import_intro.md rename to docs/content/import_data/import_intro/comparison.md index 44eb8fd2b44..3135fc227e5 100644 --- a/docs/content/en/connecting_your_tools/import_intro.md +++ b/docs/content/import_data/import_intro/comparison.md @@ -12,46 +12,27 @@ When DefectDojo receives a vulnerability report from a security tool, it will cr There are two main ways that DefectDojo can upload Finding reports. -* Via direct **import** through the UI: [Import Scan Form](../import_scan_files/import_scan_ui) -* Via **API** endpoint (allowing for automated data ingestion): See [API Docs](https://docs.defectdojo.com/en/api/api-v2-docs/) +* Via direct **import** through the UI +* Via **API** endpoint (allowing for automated data ingestion): See [API Docs](/automation/api/api-v2-docs/) #### DefectDojo Pro Methods DefectDojo Pro users have an additional three methods to handle reports and data: -* Via **Universal Importer** or **DefectDojo CLI**, command line tools which leverage the DefectDojo API: See [External Tools](../external_tools/) -* Via **Connectors** for certain tools, an ‘out of the box’ data integration: See [Connectors Guide](../connectors/about_connectors/) -* Via **Smart Upload** for certain tools, an importer designed to handle infrastructure scans: See [Smart Upload Guide](../import_scan_files/smart_upload/) +* Via **Universal Importer** or **DefectDojo CLI**, command line tools which leverage the DefectDojo API: See [Universal Importer & DefectDojo-CLI guides](/import_data/pro/specialized_import/external_tools/) +* Via **Connectors** for certain tools, an ‘out of the box’ data integration: See [Connectors Guide](/import_data/pro/connectors/about_connectors/) +* Via **Smart Upload** for certain tools, an importer designed to handle infrastructure scans: See [Smart Upload Guide](/import_data/pro/specialized_import/smart_upload/) ### Comparing Upload Methods | | **UI Import** | **API** | **Connectors** (Pro) | **Smart Upload** (Pro)| | --- | --- | --- | --- | --- | | **Supported Scan Types** | All: see [Supported Tools](/supported_tools/) | All: see [Supported Tools](/supported_tools/) | Anchore, AWS Security Hub, BurpSuite, Checkmarx ONE, Dependency-Track, Probely, Semgrep, SonarQube, Snyk, Tenable, Wiz | Nexpose, NMap, OpenVas, Qualys, Tenable | -| **Automation?** | Available via API: `/reimport` `/import` endpoints | Triggered from [CLI Importer](../external_tools) or external code | Connectors is an inherently automated feature | Available via API: `/smart_upload_import` endpoint | +| **Automation?** | Available via API: `/reimport` `/import` endpoints | Triggered from [CLI Tools](/import_data/pro/specialized_import/external_tools/) or external code | Connectors is an inherently automated feature | Available via API: `/smart_upload_import` endpoint | ### Product Hierarchy and organization Each of these methods can create Product Hierarchy on the spot. Product Hierarchy refers to DefectDojo’s Product Types, Products, Engagements or Tests: objects in DefectDojo which help organize your data into relevant context. * **Vulnerability data can be imported into an existing Product Hierarchy**. Product Types, Products, Engagements and Tests can all be created in advance, and then data can be imported to that location in DefectDojo. -* **The contextual Product Hierarchy can be created at the time of import.** When importing a report, you can create a new Product Type, Product, Engagement and/or Test. This is handled by DefectDojo through the ‘auto\-create context’ option. - -## Using Import Methods (Pro UI) - -In DefectDojo Pro, all of these methods can be accessed from the **Import** section of the sidebar. - -![image](images/pro_import_sidebar.png) - -The Pro UI allows you to create Product Types, Products and Engagements directly from the Import Scan form, so these objects are not required. - -## Using Import Methods (Classic UI / Open Souce) - -In DefectDojo OS, you can access the [Import Scan Form](../import_scan_files/import_scan_ui) from two locations: - -* The Tests section of an Engagement: - ![image](images/import_scan_os.png) -* The Findings section of the navigation bar on a Product: - ![image](images/import_scan_os_2.png) - -DefectDojo OS requires you to set up one or more Products / Product Types before you can import data through the UI. See our article on [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/) for more information. +* **The contextual Product Hierarchy can be created at the time of Import.** When importing a report, you can create a new Product Type, Product, Engagement and/or Test. This is handled by DefectDojo through the ‘auto-create context’ option. In DefectDojo OS, this option can only be accessed through the API. UI imports in DefectDojo OS will require Product Hierarchy to be created first. diff --git a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md b/docs/content/import_data/import_intro/import_vs_reimport.md similarity index 96% rename from docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md rename to docs/content/import_data/import_intro/import_vs_reimport.md index c702099f7bc..c73e84c86dd 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md +++ b/docs/content/import_data/import_intro/import_vs_reimport.md @@ -1,6 +1,6 @@ --- -title: "Add new Findings to a Test via Reimport" -description: "" +title: "Import vs Reimport" +description: "Learn how to import data manually, through the API, or via a connector" weight: 2 --- @@ -83,4 +83,4 @@ This header indicates the actions taken by an Import/Reimport. Note that the /reimport API endpoint can both **extend an existing Test** (apply the method in this article) **or create a new Test** with new data \- an initial call to `/import`, or setting up a Test in advance is not required. -To learn more about creating an automated CI/CD pipeline using DefectDojo, see our guide [here](../api_pipeline_modelling). +To learn more about creating an automated CI/CD pipeline using DefectDojo, see our guide [here](/automation/api/api-v2-docs/). diff --git a/docs/content/import_data/import_scan_files/OS__create_findings_manually.md b/docs/content/import_data/import_scan_files/OS__create_findings_manually.md new file mode 100644 index 00000000000..e69de29bb2d diff --git a/docs/content/import_data/import_scan_files/OS__import_scan_ui.md b/docs/content/import_data/import_scan_files/OS__import_scan_ui.md new file mode 100644 index 00000000000..b3f07b6d5ab --- /dev/null +++ b/docs/content/import_data/import_scan_files/OS__import_scan_ui.md @@ -0,0 +1,71 @@ +--- +title: "Import Scan form" +description: "" +weight: 1 +audience: opensource +--- + +Once you have your Product Hierarchy set up with at least one Product Type, Product, Test and Engagement, you can import a scan file to DefectDojo and create Findings. + +It’s easy to reorganize your Product Hierarchy in DefectDojo, so it’s ok if you’re not sure how to set things up yet. + +For now, it’s good to know that **Engagements** can store data from multiple tools, which can be useful if you’re running different tools concurrently as part of a single testing effort. + +## Accessing the Import Scan Form (Classic UI / Open Source) + +In DefectDojo OS, you can access this form from two locations: + +* The Tests section of an Engagement: + ![image](images/import_scan_os.png) +* The Findings section of the navigation bar on a Product: + ![image](images/import_scan_os_2.png) + +## Completing the Import Scan Form + +![image](images/import_scan_ui.png) +The Import Scan form will create a new Test nested under an Engagement, which will contain a unique Finding for each vulnerability contained within your scan file. + +The Test will be created with a name that matches the Scan Type: e.g. a Tenable scan will be titled ‘Tenable Scan’. + +### Form Options + +* **Scan File:** by clicking on the Choose button, you can select a file from your computer to upload. +* **Scan Date (optional):** if you want to select a single Scan Date to be applied to all Findings that result from this import, you can select the date in this field. +If you do not select a Scan Date, Findings created from this report will use the date specified by the tool. SLAs for each Finding will be calculated based on their date. +* **Scan Type:** select the tool used to create this data. +* **Environment:** select an Environment that corresponds to the data you’re uploading. +* **Tags:** if you want to use tags to further organize your Test data, you can add Tags using this form. Type in the name of the tag you want to create, and press Enter on your keyboard to add it to the list of tags. + +### Optional Fields + +* **Minimum Severity**: If you only want to create Findings for a particular Severity level and above, you can select the minimum Severity level here. All vulnerabilities with lower severity than this field will be ignored. +* **Active**: if you want to set all of the incoming Findings to either Active or Inactive, you can specify that here. Otherwise, DefectDojo will use the tool’s vulnerability data to determine whether the Finding is Active or Inactive. This option is relevant if you need your team to manually triage and verify Findings from a particular tool. +* **Verified**: as with Active you can set the new set of Findings to either Verified or Unverified by default. This depends on your workflow preferences. For example, if your team prefers to assume Findings are verified unless proven otherwise, you can set this field to True. +* **Version, Branch Tag, Commit Hash, Build ID, Service** can all be specified if you want to include these details in the Test. +* **Source Code Management URI** can also be specified. This form option must be a valid URI. +* **Group By:** if you want to create Finding Groups out of this File, you can specify the grouping method here. + +### Triage-less scanners: Do Not Reactivate field + +Some scanners might not include triage information in their reports (e.g. tfsec). They simply scan code or dependencies, flag issues, and return everything, regardless of whether a vulnerability has already been triaged or not. + +To handle this case, DefectDojo also includes a "Do not reactivate" checkbox in uploading reports (also in the reimport API), so you can use DefectDojo as the source of truth for triage, instead of reactivating your triaged Findings on each import / reimport. + +### Using the Scan Completion Date (API: `scan_date`) field + +DefectDojo offers a plethora of supported scanner reports, but not all of them contain the +information most important to a user. The `scan_date` field is a flexible smart feature that +allows users to set the completion date of the a given scan report, and have it propagate +down to all the findings imported. This field is **not** mandatory, but the default value for +this field is the date of import (whenever the request is processed and a successful response is returned). + +Here are the following use cases for using this field: + +1. The report **does not** set the date, and `scan_date` is **not** set at import + - Finding date will be the default value of `scan_date` +2. The report **sets** the date, and the `scan_date` is **not** set at import + - Finding date will be whatever the report sets +3. The report **does not** set the date, and the `scan_date` is **set** at import + - Finding date will be whatever the user set for `scan_date` +4. The report **sets** the date, and the `scan_date` is **set** at import + - Finding date will be whatever the user set for `scan_date` diff --git a/docs/content/import_data/import_scan_files/PRO__create_findings_manually.md b/docs/content/import_data/import_scan_files/PRO__create_findings_manually.md new file mode 100644 index 00000000000..e69de29bb2d diff --git a/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md b/docs/content/import_data/import_scan_files/PRO__import_scan_ui.md similarity index 93% rename from docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md rename to docs/content/import_data/import_scan_files/PRO__import_scan_ui.md index dac6195a6d3..741f850c6fa 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md +++ b/docs/content/import_data/import_scan_files/PRO__import_scan_ui.md @@ -1,7 +1,8 @@ --- -title: "Import Scan Form" +title: "Add Findings form" description: "" weight: 1 +audience: pro --- If you have a brand new DefectDojo instance, the Import Scan Form is a logical first step to learn the software and set up your environment. From this form, you upload a scan file from a supported tool, which will create Findings to represent those vulnerabilities. While filling out the form, you can decide whether to: @@ -17,22 +18,12 @@ For now, it’s good to know that **Engagements** can store data from multiple t The Import Scan form can be accessed from multiple locations: -1. Via the **Import \> Add Findings** menu option on the sidebar +1. Via the **Import > Add Findings** menu option on the sidebar 2. From a **Product’s** **‘⋮’ (horizontal dots) Menu**, from a **Products Table** 3. From the **⚙️Gear Menu** on a **Product Page** -## Accessing the Import Scan Form (Classic UI / Open Source) - -In DefectDojo OS, you can access this form from two locations: - -* The Tests section of an Engagement: - ![image](images/import_scan_os.png) -* The Findings section of the navigation bar on a Product: - ![image](images/import_scan_os_2.png) - ## Completing the Import Scan Form -![image](images/import_scan_ui.png) The Import Scan form will create a new Test nested under an Engagement, which will contain a unique Finding for each vulnerability contained within your scan file. The Test will be created with a name that matches the Scan Type: e.g. a Tenable scan will be titled ‘Tenable Scan’. @@ -48,7 +39,7 @@ If you do not select a Scan Date, Findings created from this report will use the * **Tags:** if you want to use tags to further organize your Test data, you can add Tags using this form. Type in the name of the tag you want to create, and press Enter on your keyboard to add it to the list of tags. * **Process Findings Asynchronously**: this field is enabled by default, but it can be disabled if you wish. See explanation below. -### Process Findings Asynchronously (Pro) +### Process Findings Asynchronously When this field is enabled, DefectDojo will use a background process to populate your Test file with Findings. This allows you to continue working with DefectDojo while Findings are being created from your scan file. @@ -58,6 +49,11 @@ This option is especially relevant when using the API to import data. If uploadi ### Optional Fields +To open Optional Fields, click the button labelled **"Optional Fields +"** above the **Submit** button + +![image](images/import_scan_ui.png) + +#### Optional Fields descriptions * **Minimum Severity**: If you only want to create Findings for a particular Severity level and above, you can select the minimum Severity level here. All vulnerabilities with lower severity than this field will be ignored. * **Active**: if you want to set all of the incoming Findings to either Active or Inactive, you can specify that here. Otherwise, DefectDojo will use the tool’s vulnerability data to determine whether the Finding is Active or Inactive. This option is relevant if you need your team to manually triage and verify Findings from a particular tool. * **Verified**: as with Active you can set the new set of Findings to either Verified or Unverified by default. This depends on your workflow preferences. For example, if your team prefers to assume Findings are verified unless proven otherwise, you can set this field to True. diff --git a/docs/content/en/connecting_your_tools/import_scan_files/_index.md b/docs/content/import_data/import_scan_files/_index.md similarity index 88% rename from docs/content/en/connecting_your_tools/import_scan_files/_index.md rename to docs/content/import_data/import_scan_files/_index.md index b8ddf6a0847..bff91782153 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/_index.md +++ b/docs/content/import_data/import_scan_files/_index.md @@ -1,5 +1,5 @@ --- -title: "How To Import Data" +title: "Importing Data" description: "Use DefectDojo's Import / Reimport to ingest data and build a pipeline" summary: "" date: 2023-09-07T16:06:50+02:00 @@ -7,8 +7,6 @@ lastmod: 2023-09-07T16:06:50+02:00 draft: false weight: 3 chapter: true -sidebar: - collapsed: true seo: title: "" # custom title (optional) description: "" # custom description (recommended) diff --git a/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md b/docs/content/import_data/import_scan_files/api_pipeline_modelling.md similarity index 87% rename from docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md rename to docs/content/import_data/import_scan_files/api_pipeline_modelling.md index 750d29f0464..dd8e01ed410 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md +++ b/docs/content/import_data/import_scan_files/api_pipeline_modelling.md @@ -1,5 +1,5 @@ --- -title: "Create an automated import pipeline via API" +title: "Import from API" description: "" --- @@ -10,14 +10,6 @@ DefectDojo’s API allows for robust pipeline solutions, which automatically ing These pipelines can be created by directly calling our API **/reimport** endpoint with an attached scan file in a way that closely resembles our **Import Scan Form**. -#### Universal Importer: out of the box automation - -DefectDojo Inc. maintains a **Universal Importer** which can be set up with existing CI/CD pipelines, triggered via GitHub actions, or run in any other automated context. - -This external tool is a useful way to build a pipeline directly from the command line: a much faster solution than writing your own code. - -See our guide to [external tools](../../external_tools) to learn more. External tools are available for **DefectDojo Pro** users only. - ## DefectDojo’s API DefectDojo’s API is documented in\-app using the OpenAPI framework. You can access this documentation from the User Menu in the top right\-hand corner, under **‘API v2 OpenAPI3’**. diff --git a/docs/content/en/connecting_your_tools/connectors/_index.md b/docs/content/import_data/pro/connectors/_index.md similarity index 85% rename from docs/content/en/connecting_your_tools/connectors/_index.md rename to docs/content/import_data/pro/connectors/_index.md index 47c05dfcfaf..c77f1f3a4eb 100644 --- a/docs/content/en/connecting_your_tools/connectors/_index.md +++ b/docs/content/import_data/pro/connectors/_index.md @@ -1,5 +1,5 @@ --- -title: "Connectors (Pro)" +title: "Connectors" description: "Seamlessly connect DefectDojo to your security tools suite" summary: "" date: 2023-09-07T16:06:50+02:00 @@ -7,13 +7,11 @@ lastmod: 2023-09-07T16:06:50+02:00 draft: false weight: 4 chapter: true -sidebar: - collapsed: true seo: title: "" # custom title (optional) description: "" # custom description (recommended) canonical: "" # custom canonical URL (optional) robots: "" # custom robot tags (optional) -pro-feature: true +audience: pro exclude_search: true --- diff --git a/docs/content/en/connecting_your_tools/connectors/about_connectors.md b/docs/content/import_data/pro/connectors/about_connectors.md similarity index 100% rename from docs/content/en/connecting_your_tools/connectors/about_connectors.md rename to docs/content/import_data/pro/connectors/about_connectors.md diff --git a/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md b/docs/content/import_data/pro/connectors/add_edit_connectors.md similarity index 100% rename from docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md rename to docs/content/import_data/pro/connectors/add_edit_connectors.md diff --git a/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md b/docs/content/import_data/pro/connectors/connectors_tool_reference.md similarity index 100% rename from docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md rename to docs/content/import_data/pro/connectors/connectors_tool_reference.md diff --git a/docs/content/en/connecting_your_tools/connectors/manage_operations.md b/docs/content/import_data/pro/connectors/manage_operations.md similarity index 97% rename from docs/content/en/connecting_your_tools/connectors/manage_operations.md rename to docs/content/import_data/pro/connectors/manage_operations.md index 17e830e77ee..a5652aed310 100644 --- a/docs/content/en/connecting_your_tools/connectors/manage_operations.md +++ b/docs/content/import_data/pro/connectors/manage_operations.md @@ -66,7 +66,7 @@ Whenever Sync runs, it will compare the latest scan data against the existing li * If there are new Findings detected, they will be added to the Test as new Findings. * If there are any Findings which aren’t detected in the latest scan, they will be marked as Inactive in the Test. -To learn more about Products, Engagements, Tests and Findings, see our [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). +To learn more about Products, Engagements, Tests and Findings, see our [Product Hierarchy Overview](/asset_modelling/hierarchy/product_hierarchy/). ### Running Sync Manually diff --git a/docs/content/en/connecting_your_tools/connectors/manage_records.md b/docs/content/import_data/pro/connectors/manage_records.md similarity index 98% rename from docs/content/en/connecting_your_tools/connectors/manage_records.md rename to docs/content/import_data/pro/connectors/manage_records.md index 711959988a5..8da74053483 100644 --- a/docs/content/en/connecting_your_tools/connectors/manage_records.md +++ b/docs/content/import_data/pro/connectors/manage_records.md @@ -57,7 +57,7 @@ Once a Record is Mapped, DefectDojo will be ready to import your tool’s scans This makes it possible to send scan data from multiple Connectors to the same Product. All of the data will be stored in the same Engagement, but each Connector will store data in a separate Test. -To learn more about Products, Engagements and Tests, see our [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/). +To learn more about Products, Engagements and Tests, see our [Product Hierarchy Overview](/asset_modelling/hierarchy/product_hierarchy/). ## Record States - Glossary diff --git a/docs/content/en/share_your_findings/_index.md b/docs/content/import_data/pro/specialized_import/_index.md similarity index 73% rename from docs/content/en/share_your_findings/_index.md rename to docs/content/import_data/pro/specialized_import/_index.md index 5443a7dd0b7..8813d06eaf2 100644 --- a/docs/content/en/share_your_findings/_index.md +++ b/docs/content/import_data/pro/specialized_import/_index.md @@ -1,6 +1,6 @@ --- -title: "📤 Share Your Findings" -description: "Create Reports or Push To Jira" +title: "Specialized Import" +description: "Seamlessly connect DefectDojo to your security tools suite" summary: "" date: 2023-09-07T16:06:50+02:00 lastmod: 2023-09-07T16:06:50+02:00 @@ -12,5 +12,6 @@ seo: description: "" # custom description (recommended) canonical: "" # custom canonical URL (optional) robots: "" # custom robot tags (optional) +audience: pro exclude_search: true ---- \ No newline at end of file +--- diff --git a/docs/content/en/connecting_your_tools/external_tools.md b/docs/content/import_data/pro/specialized_import/external_tools.md similarity index 99% rename from docs/content/en/connecting_your_tools/external_tools.md rename to docs/content/import_data/pro/specialized_import/external_tools.md index 18f39813091..625d12e5070 100644 --- a/docs/content/en/connecting_your_tools/external_tools.md +++ b/docs/content/import_data/pro/specialized_import/external_tools.md @@ -1,8 +1,9 @@ --- -title: "External Tools: Universal Importer & DefectDojo-CLI (Pro)" +title: "Universal Importer & DefectDojo-CLI" description: "Import files to DefectDojo from the command line" draft: false weight: 2 +audience: pro --- Note: The following external tools are DefectDojo Pro-only features. These binaries will not work unless they are connected to an instance with a DefectDojo Pro license. diff --git a/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md b/docs/content/import_data/pro/specialized_import/smart_upload.md similarity index 98% rename from docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md rename to docs/content/import_data/pro/specialized_import/smart_upload.md index 191f757be65..97e6201ccb2 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md +++ b/docs/content/import_data/pro/specialized_import/smart_upload.md @@ -1,7 +1,8 @@ --- -title: "Smart Upload for infrastructure scans (Pro)" +title: "Infrastructure scans / Smart Upload" description: "Automatically route incoming Findings to the correct Product" weight: 3 +audience: pro --- Note: Smart Upload is only available in DefectDojo Pro. diff --git a/docs/content/en/connecting_your_tools/universal_parser.md b/docs/content/import_data/pro/specialized_import/universal_parser.md similarity index 99% rename from docs/content/en/connecting_your_tools/universal_parser.md rename to docs/content/import_data/pro/specialized_import/universal_parser.md index 476f088d716..24043d5de20 100644 --- a/docs/content/en/connecting_your_tools/universal_parser.md +++ b/docs/content/import_data/pro/specialized_import/universal_parser.md @@ -3,7 +3,7 @@ title: "🌐 Universal Parser (Pro)" description: "" draft: "false" weight: 1 -pro-feature: true +audience: pro --- Note: The Universal Parser is only available in DefectDojo Pro. diff --git a/docs/content/issue_tracking/_index.md b/docs/content/issue_tracking/_index.md new file mode 100644 index 00000000000..72c1c5ce15e --- /dev/null +++ b/docs/content/issue_tracking/_index.md @@ -0,0 +1,16 @@ +--- +title: "Issue Tracking" +description: "" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 3 +chapter: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +exclude_search: true +--- \ No newline at end of file diff --git a/docs/content/issue_tracking/intro/_index.md b/docs/content/issue_tracking/intro/_index.md new file mode 100644 index 00000000000..8452f739bba --- /dev/null +++ b/docs/content/issue_tracking/intro/_index.md @@ -0,0 +1,16 @@ +--- +title: "Intro" +description: "" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 3 +chapter: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +exclude_search: true +--- \ No newline at end of file diff --git a/docs/content/issue_tracking/intro/intro.md b/docs/content/issue_tracking/intro/intro.md new file mode 100644 index 00000000000..f307850524d --- /dev/null +++ b/docs/content/issue_tracking/intro/intro.md @@ -0,0 +1,26 @@ +--- +title: "Issue Tracking Integration" +description: "Sync DefectDojo findings with your issue tracking system to streamline remediation and accountability." +weight: 1 +--- + +## Overview + +The DefectDojo issue tracking integrations connect your vulnerability management workflows with your existing issue tracking system. By automatically creating and updating issues from security findings, DefectDojo helps ensure vulnerabilities are visible, owned, and addressed within the same tools your development and operations teams already use. + +| Edition | Supported Issue Tracking Integrations | +|--------------|---------------------------------------| +| Community Edition | * Jira | +| Pro | * Jira
* Azure DevOps
* GitHub
* GitLab Boards
* ServiceNow | + + +When enabled, DefectDojo can create issues automatically, or selectively from Products or Engagement. As Findings are updated in DefectDojo—resolved, mitigated, or reactivated—the corresponding issues can be kept in sync, ensuring both systems reflect the current state of risk. + +## What Gets Tracked + +Each issue can include key vulnerability details such as severity, description, evidence, and remediation guidance. Links between DefectDojo and the issue tracking system provide traceability from discovery through resolution, supporting reporting, audits, and continuous improvement. + +## Why Issue Tracking Integrations Matter + +Security findings are most effective when they are actionable. Integrating DefectDojo with an issue tracking system bridges the gap between detection and remediation by embedding security work directly into established engineering workflows. This reduces context switching, improves accountability, and helps teams remediate issues faster. + diff --git a/docs/content/issue_tracking/jira/_index.md b/docs/content/issue_tracking/jira/_index.md new file mode 100644 index 00000000000..1d5c21c3546 --- /dev/null +++ b/docs/content/issue_tracking/jira/_index.md @@ -0,0 +1,16 @@ +--- +title: "Jira" +description: "" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 3 +chapter: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +exclude_search: true +--- \ No newline at end of file diff --git a/docs/content/en/share_your_findings/jira_guide.md b/docs/content/issue_tracking/jira/jira_guide.md similarity index 100% rename from docs/content/en/share_your_findings/jira_guide.md rename to docs/content/issue_tracking/jira/jira_guide.md diff --git a/docs/content/en/share_your_findings/troubleshooting_jira.md b/docs/content/issue_tracking/jira/troubleshooting_jira.md similarity index 100% rename from docs/content/en/share_your_findings/troubleshooting_jira.md rename to docs/content/issue_tracking/jira/troubleshooting_jira.md diff --git a/docs/content/issue_tracking/pro_integration/_index.md b/docs/content/issue_tracking/pro_integration/_index.md new file mode 100644 index 00000000000..9a96558647c --- /dev/null +++ b/docs/content/issue_tracking/pro_integration/_index.md @@ -0,0 +1,17 @@ +--- +title: "Pro Integrations" +description: "" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 3 +chapter: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +exclude_search: true +audience: pro +--- \ No newline at end of file diff --git a/docs/content/en/share_your_findings/integrations.md b/docs/content/issue_tracking/pro_integration/integrations.md similarity index 89% rename from docs/content/en/share_your_findings/integrations.md rename to docs/content/issue_tracking/pro_integration/integrations.md index e2dd663a9f4..28244d9bfa2 100644 --- a/docs/content/en/share_your_findings/integrations.md +++ b/docs/content/issue_tracking/pro_integration/integrations.md @@ -1,15 +1,16 @@ --- -title: "Integrations Guide (Pro)" +title: "Pro Integrations" weight: 1 +audience: pro --- DefectDojo Pro's Integrations let you push your Findings and Finding Groups to ticket tracking systems to easily integrate security remediation with your teams existing development workflow. Supported Integrations: -- [Azure Devops](/en/share_your_findings/integrations_toolreference/#azure-devops-boards) -- [GitHub](/en/share_your_findings/integrations_toolreference/#github) -- [GitLab Boards](/en/share_your_findings/integrations_toolreference/#gitlab) -- [ServiceNow](/en/share_your_findings/integrations_toolreference/#servicenow) +- [Azure Devops](/issue_tracking/pro_integration/integrations/#azure-devops-boards) +- [GitHub](/issue_tracking/pro_integration/integrations/#github) +- [GitLab Boards](/issue_tracking/pro_integration/integrations/#gitlab) +- [ServiceNow](/issue_tracking/pro_integration/integrations/#servicenow) ## Opening the Integrations page @@ -64,9 +65,9 @@ Project Integrations will have varying requirements for how DefectDojo will need For the complete list of requirements, please open the vendor specific pages below: -- [Azure Devops](/en/share_your_findings/integrations_toolreference/#azure-devops-boards) -- [GitHub](/en/share_your_findings/integrations_toolreference/#github) -- [GitLab Boards](/en/share_your_findings/integrations_toolreference/#gitlab) +- [Azure Devops](/issue_tracking/pro_integration/integrations/#azure-devops-boards) +- [GitHub](/issue_tracking/pro_integration/integrations/#github) +- [GitLab Boards](/issue_tracking/pro_integration/integrations/#gitlab) - ServiceNow (Coming Soon) ## Error Handling and Debugging diff --git a/docs/content/en/share_your_findings/integrations_toolreference.md b/docs/content/issue_tracking/pro_integration/integrations_toolreference.md similarity index 99% rename from docs/content/en/share_your_findings/integrations_toolreference.md rename to docs/content/issue_tracking/pro_integration/integrations_toolreference.md index e8c36e4b51c..da74c650acd 100644 --- a/docs/content/en/share_your_findings/integrations_toolreference.md +++ b/docs/content/issue_tracking/pro_integration/integrations_toolreference.md @@ -2,6 +2,7 @@ title: "Integrators Tool Reference" description: "Detailed setup guides for Integrators" weight: 1 +audience: pro --- Here are specific instructions detailing how to set up a DefectDojo Integration with a third party Issue Tracker. diff --git a/docs/content/en/share_your_findings/pro_reports/_index.md b/docs/content/metrics_reports/_index.md similarity index 94% rename from docs/content/en/share_your_findings/pro_reports/_index.md rename to docs/content/metrics_reports/_index.md index f5ee70a661f..e480c09a66f 100755 --- a/docs/content/en/share_your_findings/pro_reports/_index.md +++ b/docs/content/metrics_reports/_index.md @@ -1,5 +1,5 @@ --- -title: "Create A Report" +title: "Metrics & Reports" description: "Create Custom Reports and Export Data" summary: "" date: 2023-09-07T16:06:50+02:00 diff --git a/docs/content/en/ai/_index.md b/docs/content/metrics_reports/ai/_index.md similarity index 93% rename from docs/content/en/ai/_index.md rename to docs/content/metrics_reports/ai/_index.md index 20ea8d9581e..31440c0b0ae 100644 --- a/docs/content/en/ai/_index.md +++ b/docs/content/metrics_reports/ai/_index.md @@ -5,8 +5,9 @@ summary: "" date: 2023-09-07T16:06:50+02:00 lastmod: 2023-09-07T16:06:50+02:00 draft: false -weight: 2 +weight: 3 chapter: true +audience: pro seo: title: "" # custom title (optional) description: "" # custom description (recommended) diff --git a/docs/content/en/ai/mcp_server_pro.md b/docs/content/metrics_reports/ai/mcp_server_pro.md similarity index 100% rename from docs/content/en/ai/mcp_server_pro.md rename to docs/content/metrics_reports/ai/mcp_server_pro.md diff --git a/docs/content/en/customize_dojo/dashboards/Introduction_dashboard.md b/docs/content/metrics_reports/dashboards/Introduction_dashboard.md similarity index 97% rename from docs/content/en/customize_dojo/dashboards/Introduction_dashboard.md rename to docs/content/metrics_reports/dashboards/Introduction_dashboard.md index 301b19c60a0..62ed14c5421 100644 --- a/docs/content/en/customize_dojo/dashboards/Introduction_dashboard.md +++ b/docs/content/metrics_reports/dashboards/Introduction_dashboard.md @@ -69,7 +69,7 @@ This section summarizes the Graded performance of each Product in your instance, Finding Counts of each severity are calculated by the tile, but note that Product Grade is only assigned based on Active Findings, so there may be Inactive Findings counted in this table which do not contribute to the Grade. -To understand how grades are calculated, see our guide to **[Product Health Grading](/en/working_with_findings/organizing_engagements_tests/product_health_grade/)**. +To understand how grades are calculated, see our guide to **[Product Health Grading](/asset_modelling/hierarchy/product_health_grade/)**. ## Dashboard Configuration diff --git a/docs/content/en/customize_dojo/dashboards/_index.md b/docs/content/metrics_reports/dashboards/_index.md similarity index 90% rename from docs/content/en/customize_dojo/dashboards/_index.md rename to docs/content/metrics_reports/dashboards/_index.md index 6506f0ca7c4..d46ef3261a9 100644 --- a/docs/content/en/customize_dojo/dashboards/_index.md +++ b/docs/content/metrics_reports/dashboards/_index.md @@ -4,10 +4,8 @@ summary: "" date: 2023-09-07T16:06:50+02:00 lastmod: 2023-09-07T16:06:50+02:00 draft: false -weight: 7 +weight: 1 chapter: true -sidebar: - collapsed: true seo: title: "" # custom title (optional) description: "" # custom description (recommended) diff --git a/docs/content/en/customize_dojo/dashboards/about_custom_dashboard_tiles.md b/docs/content/metrics_reports/dashboards/about_custom_dashboard_tiles.md similarity index 98% rename from docs/content/en/customize_dojo/dashboards/about_custom_dashboard_tiles.md rename to docs/content/metrics_reports/dashboards/about_custom_dashboard_tiles.md index 404bece71da..8dd7e0fa3b0 100644 --- a/docs/content/en/customize_dojo/dashboards/about_custom_dashboard_tiles.md +++ b/docs/content/metrics_reports/dashboards/about_custom_dashboard_tiles.md @@ -11,7 +11,7 @@ Dashboard Tiles are customizable sets of filters for your DefectDojo instance, w Tiles can: * Act as shortcuts for particular sets of Findings, Products, or other objects -* Visualize relevant metrics related a Product, Engagement or other components of the [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/) +* Visualize relevant metrics related a Product, Engagement or other components of the [Product Hierarchy](/asset_modelling/hierarchy/product_hierarchy/) * Provide alerts on particular activity, track SLA Violations, failing imports or new Critical Findings Tile Filters set a narrower focus for any tile you want to create. Each Tile has a different set of relevant filters which can be selected. @@ -315,7 +315,7 @@ This Tile compares the Product Grade of all Products on your instance, so that y This tile uses a comparison operator (\<, \=, \<\=, \>\=) to track Products which equal, exceed or fail to meet the Product Grade which you want to monitor. ![image](images/About_Custom_Dashboard_Tiles_11.png) -For more information on how Product Grades are calculated, see our article on [Product Health Grading](/en/working_with_findings/organizing_engagements_tests/product_health_grade/). +For more information on how Product Grades are calculated, see our article on [Product Health Grading](/asset_modelling/hierarchy/product_health_grade/). #### Example: Track Failing Products diff --git a/docs/content/metrics_reports/pro_metrics/PRO__executive_insights.md b/docs/content/metrics_reports/pro_metrics/PRO__executive_insights.md new file mode 100644 index 00000000000..2c7a80cd77a --- /dev/null +++ b/docs/content/metrics_reports/pro_metrics/PRO__executive_insights.md @@ -0,0 +1,18 @@ +--- +title: "Executive Insights" +description: "How to Leverage Metrics in DefectDojo Pro" +audience: pro +weight: 3 +--- + +The **Executive Insights** metrics page provides an aggregated view of application security risk across your organization. As it is design for executive-level consumption, this dashboard focuses exclusively on Organizations and Assets, emphasizing trends and outcomes rather than individual Findings. + +![image](images/pro_dashboards_1.png) + +Within Executive Insights, Users may select a timeframe, Organization, Asset, or Tag from the filter list, which will populate an adjoining table with the resulting Findings. It will also change the results in various charts and graphs below. + +If no filters are selected, the table will display the status of all Organizations, Assets, and Tags. + +The first table provides a birdseye view of your overall security posture. There are also two separate tables for your Organizations and Assets. + +Figures will populate within each table depending on the filters applied. Clicking any hyperlinked figure within a cell will open a separate tab with a corresponding Findings Table. diff --git a/docs/content/metrics_reports/pro_metrics/PRO__overview.md b/docs/content/metrics_reports/pro_metrics/PRO__overview.md new file mode 100644 index 00000000000..c161154f3e3 --- /dev/null +++ b/docs/content/metrics_reports/pro_metrics/PRO__overview.md @@ -0,0 +1,56 @@ +--- +title: "Pro Metrics Overview" +description: "How to Leverage Metrics in DefectDojo Pro" +audience: pro +weight: 2 +--- + +The DefectDojo Pro UI has various Metrics dashboards to help visualize your current security posture. Each dashboard allows stakeholders at different levels of the organization to make informed decisions without needing to interpret raw data or navigate individual Findings. These dashboards include: +* [Executive Insights](#executive-insights) +* [Priority Insights](#priority-insights) +* [Program Insights](#program-insights) +* [Remediation Insights](#remediation-insights) +* [Tool Insights](#tool-insights) + +![Metrics overview](images/metrics_image1.png) + +## Metrics Features + +Before elaborating on each particular dashboard, there are some commonalities between all dashboards that are worth reviewing. + +### Filtering + +All Metrics can be filtered by timeframe, Organization, Asset, and Tag. After adjusting the filter as desired, Apply Filter must be clicked in order for the filter to take effect. If you wish to export a PDF of all charts, tables, and graphs on the dashboard as currently filtered, click Export as PDF. + +The filtering timeframe is limited to the past year, but can otherwise be adjusted to include the past 7, 14, 30, 90, or 180 days. + +Note that filter parameters are rendered in the URL, so you can bookmark multiple pages with various filter parameters. This can be useful for quick reference, or for consistently generating a particular kind of report. + +### Submenus + +Each graph has a ⋮ kebab menu in the top right of each view with the following features: +* Force Refresh — Manually refreshes to incorporate any new updates in the data. +* Expand Plot — Opens the same chart in a larger pop-up modal. +* Download Plot as SVG — Downloads the chart as an SVG file. +* View as Table — Shows the data from the chart in table format. + * Each column of the table can be toggled to appear in ascending or descending order when clicked. You can also download each table. + +![Kebab menu contents](images/metrics_image2.png) + +### Access + +The Metrics section will only represent data from the Organizations and Assets that each User has the appropriate permissions to view. A User with access limited to a single Asset will only be able to see Metrics for that particular Asset, but if they don’t have access to the other Assets within the parent Organization, data from those other Assets won't be represented in Metrics. + +### Viewing Data Within Charts + +The X-axis of line charts will always represent the current timeframe filter. Hovering your cursor over a line chart will cause a modal to appear with a count of the figures on the Y-axis at that point in time. + +![Graph pop-up modal](images/metrics_image3.png) + +### Toggling Results + +Users can toggle certain categories of Findings as viewable and nonviewable in the chart by clicking on their respective color/name at the top of each chart. + +For example, in the Active Findings by Severity chart below, if you only wanted to see Findings with a High or Critical severity, you would click Medium, Low, and Info at the top to remove those results from the chart. Clicking Medium, Low, and Info again would make those results reappear. + +![Toggling graph results gif](images/metrics_image4.gif) diff --git a/docs/content/metrics_reports/pro_metrics/PRO__priority_insights.md b/docs/content/metrics_reports/pro_metrics/PRO__priority_insights.md new file mode 100644 index 00000000000..76f4676e3c5 --- /dev/null +++ b/docs/content/metrics_reports/pro_metrics/PRO__priority_insights.md @@ -0,0 +1,19 @@ +--- +title: "Priority Insights" +description: "How to Leverage Metrics in DefectDojo Pro" +audience: pro +weight: 3 +--- + +The **Priority Insights** metrics page shows the most critical Findings as determined by Risk, Severity, Exploitability, or custom scoring, helping teams understand which vulnerabilities pose the greatest threat at any given moment and focus their efforts accordingly. + +Apart from various charts and graphs, Priority Insights includes four clickable modals that will open a separate tab with a table for all of the data those four modals represent: + +* Total Urgent Risk Findings +* Total Needs Action Risk Findings +* Total Medium Risk Findings +* Average Finding Priority + +It also includes an integrated table of Prioritized Findings arranged either by AppSec or SOC, allowing Users to further filter, interact with, and view the data associated with individual Findings. The contents can be exported as a CSV file or a Quick Report, and other various columns can be added prior to export. + +![Priority Insights table](images/metrics_image6.png) diff --git a/docs/content/metrics_reports/pro_metrics/PRO__program_insights.md b/docs/content/metrics_reports/pro_metrics/PRO__program_insights.md new file mode 100644 index 00000000000..6d82d652e4a --- /dev/null +++ b/docs/content/metrics_reports/pro_metrics/PRO__program_insights.md @@ -0,0 +1,12 @@ +--- +title: "Program Insights" +description: "How to Leverage Metrics in DefectDojo Pro" +audience: pro +weight: 3 +--- + +The **Program Insights** metrics page evaluates the effectiveness and maturity of the application security program as a whole, focusing on program-level performance rather than individual Findings. + +![image](images/pro_dashboards_3.png) + +It includes breakdowns of testing efforts, as well as how deduplication and reimport features are affecting noise reduction, efficiency increases, and cumulative cost savings, ensuring that security processes are working as intended. diff --git a/docs/content/metrics_reports/pro_metrics/PRO__remediation_insights.md b/docs/content/metrics_reports/pro_metrics/PRO__remediation_insights.md new file mode 100644 index 00000000000..827d6e18f9b --- /dev/null +++ b/docs/content/metrics_reports/pro_metrics/PRO__remediation_insights.md @@ -0,0 +1,16 @@ +--- +title: "Remediation Insights" +description: "How to Leverage Metrics in DefectDojo Pro" +audience: pro +weight: 3 +--- + +The **Remediation Insights** dashboard focuses on closure performance and remediation accountability, charting SLA adherence, overdue Findings, and Risk Acceptance over time. It relies on EPSS scores to determine a Finding’s exploitability, the database for which DefectDojo Pro updates daily and applies to each of your Findings. + +![image](images/pro_dashboards_4.png) + +Similar to Priority Insights, Remediation Insights also includes four clickable modals that will open a separate tab with a table for all of the data those four modals represent: +* Total Open Findings +* Critical & High Open Findings +* Mitigated Within SLA +* Highly Exploitable Findings diff --git a/docs/content/metrics_reports/pro_metrics/PRO__tool_insights.md b/docs/content/metrics_reports/pro_metrics/PRO__tool_insights.md new file mode 100644 index 00000000000..524c447d4e5 --- /dev/null +++ b/docs/content/metrics_reports/pro_metrics/PRO__tool_insights.md @@ -0,0 +1,14 @@ +--- +title: "Tool Insights" +description: "How to Leverage Metrics in DefectDojo Pro" +audience: pro +weight: 3 +--- + +**Tool Insights** tracks the performance of each security tool used in DefectDojo based on the count and severity of Findings that it reports, helping to evaluate the comparative effectiveness of tools over time. + +![image](images/pro_dashboards_5.png) + +Specifically, the Severity by Tool (Top 10 Most Findings) modal will provide a radar chart comparing the severity of the Findings your tools reveal. + +Severity by Tool Monthly will also provide a table arranged by the total Findings a particular scan type revealed on a particular date. Each column of this table can also be toggled to present in ascending or descending order. diff --git a/docs/content/metrics_reports/pro_metrics/_index.md b/docs/content/metrics_reports/pro_metrics/_index.md new file mode 100644 index 00000000000..1e6332bca58 --- /dev/null +++ b/docs/content/metrics_reports/pro_metrics/_index.md @@ -0,0 +1,17 @@ +--- +title: "Pro Metrics" +description: "Performance metrics and insights" +summary: "" +date: 2026-01-20T17:33:00+00:00 +lastmod: 2026-01-20T17:33:00+00:00 +draft: false +weight: 2 +chapter: true +audience: pro +seo: + title: "" + description: "" + canonical: "" + robots: "" +exclude_search: true +--- \ No newline at end of file diff --git a/docs/content/metrics_reports/reports/_index.md b/docs/content/metrics_reports/reports/_index.md new file mode 100644 index 00000000000..2ab02bc3710 --- /dev/null +++ b/docs/content/metrics_reports/reports/_index.md @@ -0,0 +1,16 @@ +--- +title: "Report Builder" +description: "Performance metrics and insights" +summary: "" +date: 2026-01-20T17:33:00+00:00 +lastmod: 2026-01-20T17:33:00+00:00 +draft: false +weight: 2 +chapter: true +seo: + title: "" + description: "" + canonical: "" + robots: "" +exclude_search: true +--- \ No newline at end of file diff --git a/docs/content/en/share_your_findings/pro_reports/using_the_report_builder.md b/docs/content/metrics_reports/reports/using_the_report_builder.md similarity index 100% rename from docs/content/en/share_your_findings/pro_reports/using_the_report_builder.md rename to docs/content/metrics_reports/reports/using_the_report_builder.md diff --git a/docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md b/docs/content/metrics_reports/reports/working_with_generated_reports.md similarity index 100% rename from docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md rename to docs/content/metrics_reports/reports/working_with_generated_reports.md diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/filter_index.md b/docs/content/navigation/PRO__filter_index.md similarity index 86% rename from docs/content/en/working_with_findings/organizing_engagements_tests/filter_index.md rename to docs/content/navigation/PRO__filter_index.md index 3fbe8578d8a..168f25bb841 100644 --- a/docs/content/en/working_with_findings/organizing_engagements_tests/filter_index.md +++ b/docs/content/navigation/PRO__filter_index.md @@ -2,11 +2,12 @@ title: "Filter Index" description: "Reference for all filters in DefectDojo" weight: 5 + --- **Note: Currently this article only covers Finding Filters available in the DefectDojo Pro UI, but this article will be expanded in the future to govern more object types, along with Open-Source filters.** -Here is a list of filters that can be applied in the DefectDojo Pro UI to sort lists of Findings. DefectDojo Filters can be used to assist with navigating through lists of Objects, creating custom [Dashboard Tiles](/en/customize_dojo/dashboards/about_custom_dashboard_tiles/), or creating automation via [Rules Engine](/en/customize_dojo/rules_engine/). +Here is a list of filters that can be applied in the DefectDojo Pro UI to sort lists of Findings. DefectDojo Filters can be used to assist with navigating through lists of Objects, creating custom [Dashboard Tiles](/metrics_reports/dashboards/about_custom_dashboard_tiles/), or creating automation via [Rules Engine](/automation/rules_engine/about). ## Findings These fields are specific to DefectDojo Findings and are used to organize a Finding. Each of these filters is a separate column in the All Findings table. @@ -37,7 +38,7 @@ These Filters are assigned at the time of issue creation, and cannot be directly ##### Can be modified These fields are set when an issue is created, but can be modified as an issue progresses. -* [Status](/en/working_with_findings/findings_workflows/finding_status_definitions/) +* [Status](/triage_findings/findings_workflows/finding_status_definitions/) * Last Status Update (Timestamp) * Mitigated (True or False) @@ -47,7 +48,7 @@ These DefectDojo functions can be used to further organize your Findings or trac * Finding Tags * Reviewers (Assigned User) * Has Notes (True/False) -* Group (refers to the [Finding Group](/en/working_with_findings/findings_workflows/editing_findings/#finding-group-actions), if one exists) +* Group (refers to the [Finding Group](/triage_findings/findings_workflows/editing_findings/#finding-group-actions), if one exists) * Risk Acceptance (select one or more existing Risk Acceptances from the list) ### Tool-Specific Metadata diff --git a/docs/content/navigation/_index.md b/docs/content/navigation/_index.md new file mode 100644 index 00000000000..0a736fd95cb --- /dev/null +++ b/docs/content/navigation/_index.md @@ -0,0 +1,17 @@ +--- +title: "Navigating DefectDojo" +description: "" +summary: "" +date: 2023-09-07T16:12:03+02:00 +lastmod: 2023-09-07T16:12:03+02:00 +draft: false +weight: 999 +toc: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +--- \ No newline at end of file diff --git a/docs/content/en/open_source/_index.md b/docs/content/open_source/_index.md similarity index 100% rename from docs/content/en/open_source/_index.md rename to docs/content/open_source/_index.md diff --git a/docs/content/en/open_source/archived_docs/_index.md b/docs/content/open_source/archived_docs/_index.md similarity index 100% rename from docs/content/en/open_source/archived_docs/_index.md rename to docs/content/open_source/archived_docs/_index.md diff --git a/docs/content/en/open_source/archived_docs/burp-plugin.md b/docs/content/open_source/archived_docs/burp-plugin.md similarity index 100% rename from docs/content/en/open_source/archived_docs/burp-plugin.md rename to docs/content/open_source/archived_docs/burp-plugin.md diff --git a/docs/content/en/open_source/archived_docs/google-sheets-sync.md b/docs/content/open_source/archived_docs/google-sheets-sync.md similarity index 100% rename from docs/content/en/open_source/archived_docs/google-sheets-sync.md rename to docs/content/open_source/archived_docs/google-sheets-sync.md diff --git a/docs/content/en/open_source/archived_docs/usage/_index.md b/docs/content/open_source/archived_docs/usage/_index.md similarity index 100% rename from docs/content/en/open_source/archived_docs/usage/_index.md rename to docs/content/open_source/archived_docs/usage/_index.md diff --git a/docs/content/en/open_source/archived_docs/usage/features.md b/docs/content/open_source/archived_docs/usage/features.md similarity index 99% rename from docs/content/en/open_source/archived_docs/usage/features.md rename to docs/content/open_source/archived_docs/usage/features.md index 51cf295776f..f03d23100cb 100644 --- a/docs/content/en/open_source/archived_docs/usage/features.md +++ b/docs/content/open_source/archived_docs/usage/features.md @@ -123,7 +123,7 @@ but at different levels in the data model: ### Tag Inheritance -When enabled, tags applied to a given product will automatically be applied to all objects under Products in the [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). +When enabled, tags applied to a given product will automatically be applied to all objects under Products in the [Product Hierarchy](/asset_modelling/hierarchy/product_hierarchy/). #### Configuration diff --git a/docs/content/en/open_source/archived_docs/usage/questionnaires.md b/docs/content/open_source/archived_docs/usage/questionnaires.md similarity index 100% rename from docs/content/en/open_source/archived_docs/usage/questionnaires.md rename to docs/content/open_source/archived_docs/usage/questionnaires.md diff --git a/docs/content/en/open_source/contributing/_index.md b/docs/content/open_source/contributing/_index.md similarity index 100% rename from docs/content/en/open_source/contributing/_index.md rename to docs/content/open_source/contributing/_index.md diff --git a/docs/content/en/open_source/contributing/branching-model.md b/docs/content/open_source/contributing/branching-model.md similarity index 100% rename from docs/content/en/open_source/contributing/branching-model.md rename to docs/content/open_source/contributing/branching-model.md diff --git a/docs/content/en/open_source/contributing/documentation.md b/docs/content/open_source/contributing/documentation.md similarity index 100% rename from docs/content/en/open_source/contributing/documentation.md rename to docs/content/open_source/contributing/documentation.md diff --git a/docs/content/en/open_source/contributing/how-to-write-a-parser.md b/docs/content/open_source/contributing/how-to-write-a-parser.md similarity index 97% rename from docs/content/en/open_source/contributing/how-to-write-a-parser.md rename to docs/content/open_source/contributing/how-to-write-a-parser.md index 029e6b47a4e..bd00c8abff5 100644 --- a/docs/content/en/open_source/contributing/how-to-write-a-parser.md +++ b/docs/content/open_source/contributing/how-to-write-a-parser.md @@ -37,7 +37,7 @@ $ docker compose build --build-arg uid=1000 |`unittests/scans//{many_vulns,no_vuln,one_vuln}.json` | Sample files containing meaningful data for unit tests. The minimal set. |`unittests/tools/test__parser.py` | Unit tests of the parser. |`dojo/settings/settings.dist.py` | If you want to use a modern hashcode based deduplication algorithm -|`docs/content/en/connecting_your_tools/parsers//.md` | Documentation, what kind of file format is required and how it should be obtained +|`docs/content/supported_tools//.md` | Documentation, what kind of file format is required and how it should be obtained ## Factory contract @@ -252,7 +252,7 @@ Do not do something like this: ## Deduplication algorithm -By default a new parser uses the 'legacy' deduplication algorithm documented at https://docs.defectdojo.com/en/open_source/archived_docs/usage/features/#deduplication +By default a new parser uses the 'legacy' deduplication algorithm documented at https://docs.defectdojo.com/open_source/archived_docs/usage/features/#deduplication Please use a pre-defined deduplication algorithm where applicable. When using the `unique_id_from_tool` or `vuln_id_from_tool` fields in the hash code configuration, it's important that these are uqniue for the finding and constant over time across subsequent scans. If this is not the case, the values can still be useful to set on the finding model without using them for deduplication. The values must be coming from the report directly and must not be something that is calculated by the parser internally. @@ -383,4 +383,4 @@ Please add a new .md file in [`docs/content/en/connecting_your_tools/parsers`] w * A link to the relevant unit tests folder so that users can quickly navigate there from Documentation. * A link to the scanner itself - (e.g. GitHub or vendor link) -Here is an example of a completed Parser documentation page: [https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/en/connecting_your_tools/parsers/file/acunetix.md](https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/en/connecting_your_tools/parsers/file/acunetix.md) +Here is an example of a completed Parser documentation page: [https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/supported_tools/file/acunetix.md](https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/content/supported_tools/file/acunetix.md) diff --git a/docs/content/en/open_source/contributing/parser-documentation-template.md b/docs/content/open_source/contributing/parser-documentation-template.md similarity index 95% rename from docs/content/en/open_source/contributing/parser-documentation-template.md rename to docs/content/open_source/contributing/parser-documentation-template.md index 34e9586789e..943da145349 100644 --- a/docs/content/en/open_source/contributing/parser-documentation-template.md +++ b/docs/content/open_source/contributing/parser-documentation-template.md @@ -6,7 +6,7 @@ weight: 1 This template is designed to document a new or existing parser. Please feel free to improve with any additional information that might help your fellow security professionals. -* Copy this .md file and add it to `/docs/content/en/connecting_your_tools/parsers/file` in the GitHub repository. +* Copy this .md file and add it to `/docs/content/supported_tools/file` in the GitHub repository. * Update the title to match the name of your new or existing parser. * Fill out all sections listed below. Please remove any instructions or examples found within each section or examples. diff --git a/docs/content/en/open_source/exporting.md b/docs/content/open_source/exporting.md similarity index 100% rename from docs/content/en/open_source/exporting.md rename to docs/content/open_source/exporting.md diff --git a/docs/content/en/open_source/languages.md b/docs/content/open_source/languages.md similarity index 100% rename from docs/content/en/open_source/languages.md rename to docs/content/open_source/languages.md diff --git a/docs/content/en/open_source/ldap-authentication.md b/docs/content/open_source/ldap-authentication.md similarity index 100% rename from docs/content/en/open_source/ldap-authentication.md rename to docs/content/open_source/ldap-authentication.md diff --git a/docs/content/en/open_source/notification_webhooks/_index.md b/docs/content/open_source/notification_webhooks/_index.md similarity index 100% rename from docs/content/en/open_source/notification_webhooks/_index.md rename to docs/content/open_source/notification_webhooks/_index.md diff --git a/docs/content/en/open_source/notification_webhooks/engagement_added.md b/docs/content/open_source/notification_webhooks/engagement_added.md similarity index 100% rename from docs/content/en/open_source/notification_webhooks/engagement_added.md rename to docs/content/open_source/notification_webhooks/engagement_added.md diff --git a/docs/content/en/open_source/notification_webhooks/how_to.md b/docs/content/open_source/notification_webhooks/how_to.md similarity index 97% rename from docs/content/en/open_source/notification_webhooks/how_to.md rename to docs/content/open_source/notification_webhooks/how_to.md index 759d73bc0db..e4caa61470b 100644 --- a/docs/content/en/open_source/notification_webhooks/how_to.md +++ b/docs/content/open_source/notification_webhooks/how_to.md @@ -11,7 +11,7 @@ Webhooks are HTTP requests coming from the DefectDojo instance towards a user-de It is not unusual that in some cases a webhook can not be delivered. It is usually connected to network issues, server misconfiguration, or running upgrades on the server. DefectDojo needs to react to these outages. It might temporarily or permanently disable related endpoints. The following graph shows how it might change the status of the webhook definition based on HTTP responses (or manual user interaction). - + ![image](images/webhook-state-transition-flow.png) diff --git a/docs/content/en/open_source/notification_webhooks/ping.md b/docs/content/open_source/notification_webhooks/ping.md similarity index 100% rename from docs/content/en/open_source/notification_webhooks/ping.md rename to docs/content/open_source/notification_webhooks/ping.md diff --git a/docs/content/en/open_source/notification_webhooks/product_added.md b/docs/content/open_source/notification_webhooks/product_added.md similarity index 100% rename from docs/content/en/open_source/notification_webhooks/product_added.md rename to docs/content/open_source/notification_webhooks/product_added.md diff --git a/docs/content/en/open_source/notification_webhooks/product_type_added.md b/docs/content/open_source/notification_webhooks/product_type_added.md similarity index 100% rename from docs/content/en/open_source/notification_webhooks/product_type_added.md rename to docs/content/open_source/notification_webhooks/product_type_added.md diff --git a/docs/content/en/open_source/notification_webhooks/scan_added.md b/docs/content/open_source/notification_webhooks/scan_added.md similarity index 100% rename from docs/content/en/open_source/notification_webhooks/scan_added.md rename to docs/content/open_source/notification_webhooks/scan_added.md diff --git a/docs/content/en/open_source/notification_webhooks/test_added.md b/docs/content/open_source/notification_webhooks/test_added.md similarity index 100% rename from docs/content/en/open_source/notification_webhooks/test_added.md rename to docs/content/open_source/notification_webhooks/test_added.md diff --git a/docs/content/en/open_source/notification_webhooks/transition-state b/docs/content/open_source/notification_webhooks/transition-state similarity index 100% rename from docs/content/en/open_source/notification_webhooks/transition-state rename to docs/content/open_source/notification_webhooks/transition-state diff --git a/docs/content/en/open_source/rate_limiting.md b/docs/content/open_source/rate_limiting.md similarity index 94% rename from docs/content/en/open_source/rate_limiting.md rename to docs/content/open_source/rate_limiting.md index 691e4401c0d..494a0371d6f 100644 --- a/docs/content/en/open_source/rate_limiting.md +++ b/docs/content/open_source/rate_limiting.md @@ -13,7 +13,7 @@ For further information, please visit the package documentation [Django Ratelimi #### Enable Rate Limiting -To enable and configure rate limiting, edit the settings (see [Configuration](../../open_source/installation/configuration) and edit/replace the following information: +To enable and configure rate limiting, edit the settings (see [Configuration](../../get_started/open_source/configuration) and edit/replace the following information: {{< highlight python >}} DD_RATE_LIMITER_ENABLED=(bool, True), diff --git a/docs/content/supported_tools/_index.md b/docs/content/supported_tools/_index.md index aaa71e1b65e..abe735c1b12 100644 --- a/docs/content/supported_tools/_index.md +++ b/docs/content/supported_tools/_index.md @@ -24,14 +24,14 @@ DefectDojo can parse data from 200+ security reports and counting. **Smart Upload** allows you to split infrastructure-wide scan files up by component or endpoint, and easily combine those results with other Findings from the same location. -| [Connectors](/en/connecting_your_tools/connectors/about_connectors/): supported tools | [Smart Upload](/en/connecting_your_tools/import_scan_files/smart_upload/): supported tools | +| [Connectors](/import_data/pro/connectors/about_connectors/): supported tools | [Smart Upload](/import_data/pro/specialized_import/smart_upload/): supported tools | | --- | --- | | Anchore, AWS Security Hub, BurpSuite, Checkmarx ONE, Dependency-Track, Probely, Semgrep, SonarQube, Snyk, Tenable | Nexpose, NMap, OpenVas, Qualys, Tenable, Wiz | # All Supported Tools -All of these listed reports can be ingested via [Import/Reimport](/en/connecting_your_tools/import_intro) methods. This means that they can be imported to both Open-Source and Pro instances using the UI or API. +All of these listed reports can be ingested via [Import/Reimport](/import_data/import_intro/comparison/) methods. This means that they can be imported to both Open-Source and Pro instances using the UI or API. If your tool is not in this list, there's a good chance that DefectDojo can still import a report from the tool. Consider the [Generic Findings Import](/supported_tools/parsers/generic_findings_import/) method. -DefectDojo Pro users can import any JSON or CSV report using the [Universal Parser](/en/connecting_your_tools/universal_parser). \ No newline at end of file +DefectDojo Pro users can import any JSON or CSV report using the [Universal Parser](/import_data/pro/specialized_import/universal_parser/). \ No newline at end of file diff --git a/docs/content/supported_tools/parsers/_index.md b/docs/content/supported_tools/parsers/_index.md index d290a5c465c..344ac879c30 100644 --- a/docs/content/supported_tools/parsers/_index.md +++ b/docs/content/supported_tools/parsers/_index.md @@ -25,14 +25,14 @@ DefectDojo can parse data from 180+ security reports and counting. **Smart Upload** allows you to split infrastructure-wide scan files up by component or endpoint, and easily combine those results with other Findings from the same location. -| [Connectors](/en/connecting_your_tools/connectors/about_connectors/): supported tools | [Smart Upload](/en/connecting_your_tools/import_scan_files/smart_upload/): supported tools | +| [Connectors](/import_data/pro/connectors/about_connectors/): supported tools | [Smart Upload](/import_data/pro/specialized_import/smart_upload/): supported tools | | --- | --- | | AWS Security Hub, BurpSuite, Checkmarx ONE, Dependency-Track, Probely, Semgrep, SonarQube, Snyk, Tenable | Nexpose, NMap, OpenVas, Qualys, Tenable, Wiz | # All Supported Tools -All of these listed reports can be ingested via [Import/Reimport](/en/connecting_your_tools/import_intro) methods. This means that they can be imported to both Open-Source and Pro instances using the UI or API. +All of these listed reports can be ingested via [Import/Reimport](/import_data/import_intro/comparison/) methods. This means that they can be imported to both Open-Source and Pro instances using the UI or API. If your tool is not in this list, there's a good chance that DefectDojo can still import a report from the tool. Consider the [Generic Findings Import](/supported_tools/parsers/generic_findings_import/) method. -DefectDojo Pro users can import any JSON or CSV report using the [Universal Parser](/en/connecting_your_tools/universal_parser). +DefectDojo Pro users can import any JSON or CSV report using the [Universal Parser](/import_data/pro/specialized_import/universal_parser/). diff --git a/docs/content/supported_tools/parsers/file/aws_prowler_v3plus.md b/docs/content/supported_tools/parsers/file/aws_prowler_v3plus.md index dba7e176293..e8fe00b34a6 100644 --- a/docs/content/supported_tools/parsers/file/aws_prowler_v3plus.md +++ b/docs/content/supported_tools/parsers/file/aws_prowler_v3plus.md @@ -5,7 +5,7 @@ toc_hide: true ### File Types DefectDojo parser accepts a native `json` file produced by prowler v3 with file extension `.json` or a `ocsf-json` file produced by prowler v4 with file extension `.ocsf.json`. -Please note: earlier versions of AWS Prowler create output data in a different format. See our other [prowler parser documentation](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/aws_prowler/) if you are using an earlier version of AWS Prowler. +Please note: earlier versions of AWS Prowler create output data in a different format. See our other [prowler parser documentation](https://docs.defectdojo.com/supported_tools/file/aws_prowler/) if you are using an earlier version of AWS Prowler. JSON reports can be created from the [AWS Prowler v3 CLI](https://docs.prowler.com/projects/prowler-open-source/en/v3/tutorials/reporting/#json) using the following command: `prowler -M json` diff --git a/docs/content/supported_tools/parsers/file/burp.md b/docs/content/supported_tools/parsers/file/burp.md index 970d9f18a49..ffe5a1b0edb 100644 --- a/docs/content/supported_tools/parsers/file/burp.md +++ b/docs/content/supported_tools/parsers/file/burp.md @@ -4,7 +4,7 @@ toc_hide: true --- ### File Types DefectDojo parser accepts Burp Issue data as an .xml file. -To parse an HTML file instead, use this method: https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/burp_suite_dast/ +To parse an HTML file instead, use this method: https://docs.defectdojo.com/supported_tools/file/burp_suite_dast/ When the Burp report is generated, **the recommended option is Base64 encoding both the request and response fields** - e.g. check the box diff --git a/docs/content/supported_tools/parsers/file/burp_suite_dast.md b/docs/content/supported_tools/parsers/file/burp_suite_dast.md index f17f7ef7460..3113895fba5 100644 --- a/docs/content/supported_tools/parsers/file/burp_suite_dast.md +++ b/docs/content/supported_tools/parsers/file/burp_suite_dast.md @@ -7,7 +7,7 @@ toc_hide: true The Burp Suite DAST Scan parser processes HTML reports from Burp Suite DAST and imports the findings into DefectDojo. The parser extracts vulnerability details, severity ratings, descriptions, remediation steps, and other metadata from the HTML report. ## Supported File Types -The parser accepts a Standard Report as an HTML file. To parse an XML file instead, use the [Burp XML parser](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/burp/). +The parser accepts a Standard Report as an HTML file. To parse an XML file instead, use the [Burp XML parser](https://docs.defectdojo.com/supported_tools/file/burp/). See the Burp documentation for information on how to export a Standard Report: [Burp Suite DAST Downloading reports](https://portswigger.net/burp/documentation/dast/user-guide/work-with-scan-results/generate-reports) diff --git a/docs/content/supported_tools/parsers/file/wiz.md b/docs/content/supported_tools/parsers/file/wiz.md index 771d316d062..39f8dd83e36 100644 --- a/docs/content/supported_tools/parsers/file/wiz.md +++ b/docs/content/supported_tools/parsers/file/wiz.md @@ -5,7 +5,7 @@ toc_hide: true The [Wiz](https://www.wiz.io/) parser for DefectDojo supports imports from both Wiz Scanner Standard and SCA (Software Composition Analysis) .csv output from Wiz.io. This document details the parsing of both formats into DefectDojo field mappings, unmapped fields, and location of each field's parsing code for easier troubleshooting and analysis. -⚠️ **DefectDojo Pro** Users can also automatically create Findings directly from Wiz using the Wiz Connector. See our [Connectors documentation](/en/connecting_your_tools/connectors/about_connectors/) for more details. +⚠️ **DefectDojo Pro** Users can also automatically create Findings directly from Wiz using the Wiz Connector. See our [Connectors documentation](/import_data/pro/connectors/about_connectors/) for more details. ## Link To Tool diff --git a/docs/content/en/working_with_findings/finding_deduplication/deduplication_tuning_os.md b/docs/content/triage_findings/finding_deduplication/OS__deduplication_tuning.md similarity index 91% rename from docs/content/en/working_with_findings/finding_deduplication/deduplication_tuning_os.md rename to docs/content/triage_findings/finding_deduplication/OS__deduplication_tuning.md index d46f9626567..f88b72ed562 100644 --- a/docs/content/en/working_with_findings/finding_deduplication/deduplication_tuning_os.md +++ b/docs/content/triage_findings/finding_deduplication/OS__deduplication_tuning.md @@ -1,12 +1,13 @@ --- -title: "Deduplication Tuning (Open Source)" +title: "Deduplication Tuning" description: "Configure deduplication in DefectDojo Open Source: algorithms, hash fields, endpoints, and service" weight: 5 +audience: opensource --- -This page explains how to tune deduplication in the Open Source (OS) edition of DefectDojo. For a visual, feature-rich tuning UI, see the Pro documentation. The OS edition uses settings files and environment variables. +The Open Source edition of DefectDojo uses settings files and environment variables tune deduplication. -See also: [Configuration](/en/open_source/installation/configuration) for details on environment variables and `local_settings.py` overrides. +See also: [Open Source Configuration](/get_started/open_source/configuration/) for details on environment variables and `local_settings.py` overrides. ## What you can configure @@ -138,10 +139,3 @@ To help troubleshooting deduplication use the following tools: ![Unique ID from Tool and Hash Code on the View Finding page](images/hash_code_id_field.png) ![Unique ID from Tool and Hash Code on the Finding List Status Column](images/hash_code_status_column.png) - -## Related documentation - -- [Deduplication Algorithms](deduplication_algorithms): conceptual overview and endpoint behavior. -- [Avoiding duplicates via reimport](avoiding_duplicates_via_reimport). - - diff --git a/docs/content/en/working_with_findings/finding_deduplication/tune_deduplication.md b/docs/content/triage_findings/finding_deduplication/PRO__deduplication_tuning.md similarity index 98% rename from docs/content/en/working_with_findings/finding_deduplication/tune_deduplication.md rename to docs/content/triage_findings/finding_deduplication/PRO__deduplication_tuning.md index 675f4cc88f3..9da8005d8a1 100644 --- a/docs/content/en/working_with_findings/finding_deduplication/tune_deduplication.md +++ b/docs/content/triage_findings/finding_deduplication/PRO__deduplication_tuning.md @@ -1,7 +1,8 @@ --- -title: "Deduplication Tuning (Pro)" +title: "Deduplication Tuning" description: "Configure how DefectDojo identifies and manages duplicate findings" weight: 4 +audience: pro --- Deduplication Tuning is a DefectDojo Pro feature that gives you fine-grained control over how findings are deduplicated, allowing you to optimize duplicate detection for your specific security testing workflow. diff --git a/docs/content/en/working_with_findings/finding_deduplication/enabling_product_deduplication.md b/docs/content/triage_findings/finding_deduplication/PRO_enabling_product_deduplication.md similarity index 94% rename from docs/content/en/working_with_findings/finding_deduplication/enabling_product_deduplication.md rename to docs/content/triage_findings/finding_deduplication/PRO_enabling_product_deduplication.md index 7bff087c898..5f2f12e4abc 100644 --- a/docs/content/en/working_with_findings/finding_deduplication/enabling_product_deduplication.md +++ b/docs/content/triage_findings/finding_deduplication/PRO_enabling_product_deduplication.md @@ -2,6 +2,7 @@ title: "Enabling Deduplication" description: "How to enable Deduplication at the Product level" weight: 2 +audience: pro --- Deduplication can be implemented at either a Product level or at a more narrow Engagement level. @@ -26,8 +27,6 @@ Deduplication can be implemented at either a Product level or at a more narrow E Applying **Delete Deduplicate Findings** will begin a deletion process immediately. DefectDojo will look at each Finding with Duplicates recorded, and will delete old duplicate Findings until the Maximum Duplicate number has been reached. -For more information on how DefectDojo determines what to delete, see our guide to **[Deleting Deduplicate Findings](../delete_deduplicates/).** - ## Deduplication for Engagements Rather than Deduplicating across an entire Product, you can set a deduplication scope to be within a single Engagement exclusively. diff --git a/docs/content/en/working_with_findings/findings_workflows/_index.md b/docs/content/triage_findings/finding_deduplication/_index.md similarity index 55% rename from docs/content/en/working_with_findings/findings_workflows/_index.md rename to docs/content/triage_findings/finding_deduplication/_index.md index 454581ccee2..86e6616427e 100644 --- a/docs/content/en/working_with_findings/findings_workflows/_index.md +++ b/docs/content/triage_findings/finding_deduplication/_index.md @@ -1,10 +1,8 @@ --- -title: "Finding Workflows & Status" +title: "Deduplication" date: 2021-02-02T20:46:29+01:00 draft: false -weight: 3 type: docs -sidebar: - collapsed: true +weight: 3 exclude_search: true --- diff --git a/docs/content/triage_findings/finding_deduplication/about_deduplication.md b/docs/content/triage_findings/finding_deduplication/about_deduplication.md new file mode 100644 index 00000000000..14f203a3afe --- /dev/null +++ b/docs/content/triage_findings/finding_deduplication/about_deduplication.md @@ -0,0 +1,117 @@ +--- +title: "About Deduplication" +description: "Deduplication fundamentals and key concepts" +weight: 1 +--- + +DefectDojo is designed to ingest bulk reports from tools, creating one or more Findings based on the content of the report. When using DefectDojo, you’ll most likely be ingesting reports from the same tool on a regular basis, which means that duplicate Findings are highly likely. + +This is where Deduplication comes in, a Smart feature which you can set up to automatically manage duplicate Findings. + +## How DefectDojo handles duplicates + +1. First, you import **Test 1\.** Your report contains a vulnerability which is recorded as Finding A. +2. **Later, you import Test 2 which contains the same vulnerability. This will be recorded as Finding B, and Finding B will be marked as a duplicate of Finding A.** +3. Later still, you import **Test 3** which also contains that vulnerability. This will be recorded as Finding C, which will be marked as a duplicate of Finding A. + +By creating and marking Duplicates in this way, DefectDojo ensures that all the work for the ‘original’ vulnerability is centralized on the original Finding page, without creating separate contexts, or giving your team the impression that there are multiple separate vulnerabilities which need to be addressed. + +By default, these Tests would need to be nested under the same Product for Deduplication to be applied. If you wish, you can further limit the Deduplication scope to a single Engagement. + +![Deduplication on product and engagement level](images/deduplication.png) + +Duplicate Findings are set as Inactive by default. This does not mean the Duplicate Finding itself is Inactive. Rather, this is so that your team only has a single active Finding to work on and remediate, with the implication being that once the original Finding is Mitigated, the Duplicates will also be Mitigated. + +## Deduplication vs Reimport + +Deduplication and Reimport are similar processes but they have a key difference: + +* When you Reimport to a Test, the Reimport process looks at incoming Findings, **filters and** **discards any matches**. Those matches will never be created as Findings or Finding Duplicates. +* Deduplication is applied 'passively' on Findings that have already been created. It will identify duplicates in scope and **label them**, but it will not delete or discard the Finding unless 'Delete Deduplicate Findings' is enabled. +* The 'reimport' action of discarding a Finding always happens before deduplication; DefectDojo **cannot deduplicate Findings that are never created** as a result of Reimport's filtering. + +## When are duplicates appropriate? + +Duplicates are useful when you’re dealing with shared, but discrete Testing contexts. For example, if your Product is uploading Test results for two different repositories, which need to be compared, it’s useful to know which vulnerabilities are shared across those repositories. + +However, if DefectDojo is creating excess duplicates, this can also be a sign that you need to adjust your pipelines or import processes. + +## What do my duplicates indicate? + +* **The same vulnerability, but found in a different context:** this is the appropriate way to use Duplicate Findings. If you have many components which are affected by the same vulnerability, you would likely want to know which components are affected to understand the scope of the problem. +​ +* **The same vulnerability, found in the same context**: better options exist for this case. If the Duplicate Finding does not give you any new context on the vulnerability, or if you find yourself frequently ignoring or deleting your duplicate Findings, this is a sign that your process can be improved. For example, Reimport allows you to effectively manage incoming reports from a CI/CD pipeline. Rather than create a completely new Finding object for each duplicate, Reimport will make a note of the incoming duplicate without creating the Duplicate Finding at all. + +## Overview + +DefectDojo supports four deduplication algorithms that can be selected per parser (test type): + +- **Unique ID From Tool**: Uses the scanner-provided unique identifier. +- **Hash Code**: Uses a configured set of fields to compute a hash. +- **Unique ID From Tool or Hash Code**: Prefer the tool’s unique ID; fall back to hash when no matching unique ID is found. +- **Legacy**: Historical algorithm with multiple conditions; only available in the Open Source version. + +## How endpoints are assessed per algorithm + +Endpoints can influence deduplication in different ways depending on the algorithm and configuration. + +### Unique ID From Tool + +- Deduplication uses `unique_id_from_tool` (or `vuln_id_from_tool`). +- **Endpoints are ignored** for duplicate matching. +- A finding’s hash may still be calculated for other features, but it does not affect deduplication under this algorithm. + +### Hash Code + +- Deduplication uses a hash computed from fields specified by `HASHCODE_FIELDS_PER_SCANNER` for the given parser. +- The hash also includes fields from `HASH_CODE_FIELDS_ALWAYS` (see Service field section below). +- Endpoints can affect deduplication in two ways: + - If the scanner’s hash fields include `endpoints`, they are part of the hash and must match accordingly. +- If the scanner’s hash fields do not include `endpoints`, optional endpoint-based matching can be enabled via `DEDUPE_ALGO_ENDPOINT_FIELDS` (OS setting). When configured: + - Set it to an empty list `[]` to ignore endpoints entirely. + - Set it to a list of endpoint attributes (e.g. `["host", "port"]`). If at least one endpoint pair between the two findings matches on all listed attributes, deduplication can occur. + +### Unique ID From Tool or Hash Code +A finding is a duplicate with another if they have the same unique_id_from_tool OR the same hash_code. + +The endpoints also have to match for the findings to be considered duplicates, see the Hash Code algorithm above. + +### Legacy (Open Source only) + +- Deduplication considers multiple attributes including endpoints. +- Behavior differs for static vs dynamic findings: + - **Static findings**: The new finding must contain all endpoints of the original. Extra endpoints on the new finding are allowed. + - **Dynamic findings**: Endpoints must strictly match (commonly by host and port); differing endpoints prevent deduplication. +- If there are no endpoints and both `file_path` and `line` are empty, deduplication typically does not occur. + +## Background processing + +- Dedupe is triggered on import/reimport and during certain updates run via Celery in the background. + +## Service field and its impact + +- By default, `HASH_CODE_FIELDS_ALWAYS = ["service"]`, meaning the `service` associated with a finding is appended to the hash for all scanners. +- Practical implications: + - Two otherwise identical findings with different `service` values will produce different hashes and will not deduplicate under Hash-based paths. + - During import/reimport, the `Service` field entered in the UI can override the parser-provided service. Changing it can change the hash and therefore affect deduplication outcomes. + - If you want service to have no impact on deduplication, configure `HASH_CODE_FIELDS_ALWAYS` accordingly (see the OS tuning page). Removing `service` from the always-included list will stop it from affecting hashes. + +## Delete Deduplicate Findings + +If you have an excessive amount of duplicate Findings which you want to delete, you can set **Delete Deduplicate Findings** as an option in the **System Settings**. + +**Delete Deduplicate Findings**, combined with the **Maximum Duplicates** field allows DefectDojo to limit the amount of Duplicate Findings stored. When this field is enabled, DefectDojo will only keep a certain number of Duplicate Findings. + +### Which duplicates will be deleted? + +The original Finding will never be deleted automatically from DefectDojo, but once the threshold for Maximum Duplicates is crossed, DefectDojo will automatically delete the oldest Duplicate Finding. + +For example, let’s say that you had your Maximum Duplicates field set to ‘1’. + +1. First, you import **Test 1\.** Your report contains a vulnerability which is recorded as Finding A. +2. **Later, you import Test 2 contains the same vulnerability. This will be recorded as Finding B, and Finding B will be marked as a duplicate of Finding A.** +3. Later still, you import **Test 3** which also contains that vulnerability. This will be recorded as Finding C, which will be marked as a duplicate of Finding A. At this time, Finding B will be deleted from DefectDojo as the threshold for maximum duplicates has been crossed. + +### Applying this setting + +Applying **Delete Deduplicate Findings** will begin a deletion process immediately. This setting can be applied on the **System Settings** page. See Enabling Deduplication for more information. diff --git a/docs/content/en/working_with_findings/finding_deduplication/avoiding_duplicates_via_reimport.md b/docs/content/triage_findings/finding_deduplication/avoid_excess_duplicates.md similarity index 52% rename from docs/content/en/working_with_findings/finding_deduplication/avoiding_duplicates_via_reimport.md rename to docs/content/triage_findings/finding_deduplication/avoid_excess_duplicates.md index 414a16f3ed1..bd144df6dd3 100644 --- a/docs/content/en/working_with_findings/finding_deduplication/avoiding_duplicates_via_reimport.md +++ b/docs/content/triage_findings/finding_deduplication/avoid_excess_duplicates.md @@ -1,9 +1,55 @@ --- -title: "Avoid Duplicates: Reimport Recurring Tests" +title: "Avoiding Excess Duplicates" description: "" weight: 4 --- +One of DefectDojo’s strengths is that the data model can accommodate many different use\-cases and applications. You’ll likely change your approach as you master the software and discover ways to optimize your workflow. + +By default, DefectDojo does not delete any duplicate Findings that are created. Each Finding is considered to be a separate instance of a vulnerability. So in this case, **Duplicate Findings** can be an indicator that a process change is required to your workflow. + +## When are Duplicate Findings acceptable? + +Duplicate Findings are not always indicative of a problem. There are many cases where keeping duplicates is the preferred approach. For example: + +* If your team uses and reports on Interactive Engagements. If you want to create a discrete report on a single Test specifically, you would want to know if there’s an occurrence of a Finding that was already uncovered earlier. +* If you have Engagements which are contextually separated (for example, because they cover different repositories) you would want to be able to flag Findings which are occurring in both places. + +## Checking for redundant imports + +## Step 1: Clean up your excess Duplicates + +Fortunately, DefectDojo’s Deduplication settings allow you to mass\-delete duplicates once a certain threshold has been crossed. This feature makes the cleanup process easier. To learn more about this process, see our article on **Finding Deduplication** \<\-link will go here. + +### Step 2: Evaluate your Engagements for redundancies + +Once you’ve cleaned up your duplicate Findings, it’s a good practice to look at the Product which contained them to see if there’s a clear culprit. You might find that there are Engagements contained within which have a redundant context. + +#### Duplicate or Reused Engagements + +Engagements store one or more Tests for a particular testing context. That context is ultimately up to you to define for yourself, but if you see a few Engagements within your Product which should share the same context, consider combining them into a single engagement. +​ +### Questions to ask when defining Engagement context: + +* If I wanted to make a report on this work, would the Engagement contain all of the relevant information I need? +* Are we proactively creating Engagements ahead of time or are they being created ‘ad\-hoc’ by my import process? +* Are we using the right kind of Engagement \- **Interactive** or **CI/CD**? +* What section of the codebase is being worked on by tests: is each repository a separate context or could multiple repositories make up a shared context for testing? +* Who are the stakeholders involved with the Productt, and how will I share results with them? + +### Step 3: Check for redundant Tests + +If you discover that separate Tests have been created which capture the same testing context, this may be an indicator that these tests can be consolidated into a single Reimport. + +DefectDojo has two methods for importing test data to create Findings: **Import** and **Reimport**. Both of these methods are very similar, but the key difference between the two is that **Import** always creates a new Test, while **Reimport** can add new data to an existing Test. It’s also worth noting that **Reimport** does not create duplicate Findings within that Test. + +Each time you import new vulnerability reports into DefectDojo, those reports will be stored in a Test object. A Test object can be created by a user ahead of time to hold a future **Import**. If a user wants to import data without specifying a Test destination, a new Test will be created to store the incoming report. + +Tests are flexible objects, and although they can only hold one *kind* of report, they can handle multiple instances of that same report through the **Reimport** method. To learn more about Reimport, see our **[article](/import_data/import_intro/import_vs_reimport/)** on this topic. + + +## Using Reimport for continual Tests + If you have a CI/CD pipeline, a daily scan process or any kind of repeated incoming report, setting up a Reimport process in advance is key to avoiding excessive duplicates. Reimport collapses the context and Findings associated with a recurring test into a single Test page, where you can review import history and track vulnerability changes across scans. 1. Create an Engagement to store the CI/CD results for the object you’re running CI/CD on. This could be a code repository where you have CI/CD actions set up to run. Generally, you want a separate Engagement set up for each pipeline so that you can quickly understand where the Finding results are coming from. @@ -12,19 +58,19 @@ If you have a CI/CD pipeline, a daily scan process or any kind of repeated incom ​ 3. You do not need to create a new Test each time the CI/CD action runs. Instead, you can **Reimport** data to the same test location. -## Reimport in action +### Reimport in action DefectDojo will compare the incoming scan data with the existing scan data, and then apply changes to the Findings contained within your Test as follows: ​ -### Create Findings +#### Create Findings Any vulnerabilities which were not contained in the previous import will be added to the Test automatically as new Findings. ​ -### Ignore existing Findings +#### Ignore existing Findings If any incoming Findings match Findings that already exist, the incoming Findings will be discarded rather than recorded as Duplicates. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. ​ -### Close Findings +#### Close Findings If there are any Findings that already exist in the Test but which are not present in the incoming report, you can choose to automatically set those Findings to Inactive and Mitigated (on the assumption that those vulnerabilities have been resolved since the previous import). The Test page will show these Findings as **Closed**. @@ -33,7 +79,7 @@ If you don’t want any Findings to be closed, you can disable this behavior on * Uncheck the **Close Old Findings** checkbox if using the UI * Set **close\_old\_findings** to **False** if using the API ​ -### Reopen Findings +#### Reopen Findings * If there are any Closed Findings which appear again in a Reimport, they will automatically be Reopened. The assumption is that these vulnerabilities have occurred again, despite previous mitigation. The Test page will track these Findings as **Reactivated**. @@ -42,13 +88,14 @@ If you’re using a triage\-less scanner, or you don’t otherwise want Closed F * Set **do\_not\_reactivate** to **True** if using the API * Check the **Do Not Reactivate** checkbox if using the UI -## Working with Import History +### Working with Import History Import History for a given test is listed under the **Test Overview** header on the **Test** page. This table shows each Import or Reimport as a single line with a **Timestamp**, along with **Branch Tag, Build ID, Commit Hash** and **Version** columns if those were specified. ![image](images/Avoiding_Duplicates_Reimport_Recurring_Tests.png) + ### Actions This header indicates the actions taken by an Import/Reimport. @@ -58,7 +105,7 @@ This header indicates the actions taken by an Import/Reimport. * **\# left untouched shows the count of Open Findings which were unchanged by a Reimport (because they also existed in the incoming report).** * **\#** **reactivated** shows any Closed Findings which were reopened by an incoming Reimport. -## Why not simply use Import? +### Why not simply use Import? Although both methods are possible, Import should be reserved for **new occurrences** of Findings and Data, while Reimport should be applied for **further iterations** of the same data. diff --git a/docs/content/triage_findings/findings_workflows/_index.md b/docs/content/triage_findings/findings_workflows/_index.md new file mode 100644 index 00000000000..03bc39e3116 --- /dev/null +++ b/docs/content/triage_findings/findings_workflows/_index.md @@ -0,0 +1,8 @@ +--- +title: "Findings" +date: 2021-02-02T20:46:29+01:00 +draft: false +weight: 1 +type: docs +exclude_search: true +--- diff --git a/docs/content/en/working_with_findings/findings_workflows/create_findings_manually.md b/docs/content/triage_findings/findings_workflows/create_findings_manually.md similarity index 100% rename from docs/content/en/working_with_findings/findings_workflows/create_findings_manually.md rename to docs/content/triage_findings/findings_workflows/create_findings_manually.md diff --git a/docs/content/en/working_with_findings/findings_workflows/editing_findings.md b/docs/content/triage_findings/findings_workflows/editing_findings.md similarity index 99% rename from docs/content/en/working_with_findings/findings_workflows/editing_findings.md rename to docs/content/triage_findings/findings_workflows/editing_findings.md index 3602779bd8c..adece9325ff 100644 --- a/docs/content/en/working_with_findings/findings_workflows/editing_findings.md +++ b/docs/content/triage_findings/findings_workflows/editing_findings.md @@ -1,7 +1,7 @@ --- title: "Editing Findings" description: "Change a Finding’s Status, or add more metadata as you resolve an issue" -weight: 1 +weight: 2 --- If you want to add notes or update the language on a Finding to be more relevant to the current situation, you can do so through the Edit Finding form. diff --git a/docs/content/en/working_with_findings/findings_workflows/finding_status_definitions.md b/docs/content/triage_findings/findings_workflows/finding_status_definitions.md similarity index 100% rename from docs/content/en/working_with_findings/findings_workflows/finding_status_definitions.md rename to docs/content/triage_findings/findings_workflows/finding_status_definitions.md diff --git a/docs/content/en/working_with_findings/intro_to_findings.md b/docs/content/triage_findings/findings_workflows/intro_to_findings.md similarity index 95% rename from docs/content/en/working_with_findings/intro_to_findings.md rename to docs/content/triage_findings/findings_workflows/intro_to_findings.md index 8bc26bf21ae..8d455dd4150 100644 --- a/docs/content/en/working_with_findings/intro_to_findings.md +++ b/docs/content/triage_findings/findings_workflows/intro_to_findings.md @@ -74,7 +74,7 @@ If you’re in charge of security reporting for many different contexts, softwar * Each Product in DefectDojo can have a different SLA configuration, so that you can instantly flag Findings that are discovered in Production or other highly sensitive environments. * You can create a report directly from a **Product Type, Product, Engagement or Test** to ‘zoom in and out’ of your security context. **Tests** contain results from a single tool, **Engagements** can combine multiple Tests, **Products** can contain multiple Engagements, **Product Types** can contain multiple Products. -For more information on creating a Report, see our guides to **[Custom Reporting](/en/share_your_findings/pro_reports/using_the_report_builder/)**. +For more information on creating a Report, see our guides to **[Custom Reporting](/metrics_reports/reports/using_the_report_builder)**. ### Triage Vulnerabilities using Finding Status @@ -102,8 +102,3 @@ Any Appsec team member understands that issue mitigation can’t be prioritized Sometimes, the exploitability and threat posed by a known vulnerability can change based on new data. To keep your work up to date, DefectDojo Pro has partnered with First.org to maintain a database of the latest EPSS scores related to Findings. Any Findings in DefectDojo Pro will be kept up to date automatically according to their EPSS, which is directly based on the CVE of the Finding. If a Finding’s EPSS score changes (i.e. the related Finding becomes more exploitable or less exploitable), the Severity of the Finding will adjust accordingly. - -# Next Steps: - -* Learn how to add or adjust data on your Findings: **[Editing Findings](../findings_workflows/editing_findings)**. -* Learn how to apply **[Risk Acceptances](../findings_workflows/risk_acceptances/)** to Findings which create a record of sensitive decisions made surrounding risk\-accepted vulnerabilities. diff --git a/docs/content/en/working_with_findings/findings_workflows/risk_acceptances.md b/docs/content/triage_findings/findings_workflows/risk_acceptances.md similarity index 100% rename from docs/content/en/working_with_findings/findings_workflows/risk_acceptances.md rename to docs/content/triage_findings/findings_workflows/risk_acceptances.md diff --git a/docs/layouts/_partials/header/header.html b/docs/layouts/_partials/header/header.html index c76685e5e10..24af9353c0b 100644 --- a/docs/layouts/_partials/header/header.html +++ b/docs/layouts/_partials/header/header.html @@ -17,21 +17,6 @@
{{ end -}} - - - {{ partial "main/showFlexSearch" . }} {{ $showFlexSearch := .Scratch.Get "showFlexSearch" -}} @@ -148,73 +133,76 @@
{{ .Site.Params.T
--> -
- + + {{ end -}} - - {{ partial "main/showFlexSearch" . }} - {{ $showFlexSearch := .Scratch.Get "showFlexSearch" -}} - {{ if $showFlexSearch -}} - - {{ end -}} - - - {{ if site.Params.add_ons.docSearch -}} - - {{ end -}} + + {{ if site.Params.add_ons.docSearch -}} + + {{ end -}} +
+ {{ if eq site.Params.doks.multilingualMode true -}} @@ -262,7 +250,8 @@
{{ .Site.Params.T {{ $isTranslated := in $translatedLangs .Lang -}}
  • {{ .LanguageName }} + }}{{ .Lang | relURL }}{{ end }}" hreflang="{{ .Lang }}" lang="{{ .Lang }}">{{ .LanguageName + }}
    • {{- end }} {{- end }} @@ -314,47 +303,88 @@
    {{ .Site.Params.T {{ end -}} - - {{ if and (eq site.Params.doks.colorMode "auto") site.Params.doks.colorModeToggler -}} - - {{ end -}} - - - {{ if .Site.Menus.social -}} - - {{ end -}} + + {{ if .Site.Menus.social -}} + + {{ end -}} + {{ if site.Params.doks.navBarButton -}} {{ site.Params.doks.navBarButtonText + href="{{ site.Params.doks.navBarButtonUrl | absURL }}" role="button">{{ + site.Params.doks.navBarButtonText }} {{ end -}} +
    +
      + {{ $current := index (split .RelPermalink "/") 1 }} + {{ if eq $current "" }}{{ $current = "en" }}{{ end }} + + {{ range .Site.Menus.main }} + {{ $menuSegment := index (split .URL "/") 1 }} + {{ $active := eq $menuSegment $current }} + {{ if .HasChildren -}} +
    • + +
        + {{ range .Children -}} + {{- $active = eq .Name $current.Title -}} +
      • {{ .Name }}
        • + {{ end -}} +
      +
      • + {{ else -}} +
    • + {{ .Name }} +
      • + {{ end -}} + {{ end -}} +
    +
    + diff --git a/docs/layouts/_partials/sidebar/render-section-menu.html b/docs/layouts/_partials/sidebar/render-section-menu.html new file mode 100644 index 00000000000..77d257b1909 --- /dev/null +++ b/docs/layouts/_partials/sidebar/render-section-menu.html @@ -0,0 +1,67 @@ +{{- /* Get parameters */ -}} +{{- $currentPage := .currentPage -}} +{{- $nodes := .nodes -}} +{{- $version := .version | default "opensource" -}} + + + +{{- define "walk" }} + {{- $currentPage := .currentPage -}} + {{- $node := .node -}} + {{- $version := .version -}} + + {{- /* Skip node if it has a Page with an audience that does not match version */ -}} + {{- $skip := false -}} + {{- with $node.Page }} + {{- $audience := .Params.audience -}} + {{- if and $audience (ne $audience $version) }} + {{- $skip = true -}} + {{- end }} + {{- end }} + + {{- if not $skip }} + {{- $linkContent := $node.Page.LinkTitle -}} + {{- with $node.Name }} + {{- $linkContent = . }} + {{- end }} + + {{- $ariaCurrent := "" -}} + {{- $liClass := "" -}} + + {{- if $node.Page }} + {{- if in $currentPage.Ancestors $node.Page }} + {{- $ariaCurrent = "true" }} + {{- end }} + {{- if $currentPage.Eq $node.Page }} + {{- $ariaCurrent = "page" }} + {{- $liClass = "active" }} + {{- end }} + {{- end }} + +
  • + {{- with $node.Page.Pages }} + + {{ $linkContent }} +
      + {{- range . }} + {{- template "walk" (dict "node" . "currentPage" $currentPage "version" $version) }} + {{- end }} +
    + + {{- else }} + {{- if $node.Page }} + {{ $linkContent }} + {{- else }} + {{- /* Menu-only item with no page */ -}} + {{ $linkContent }} + {{- end }} + {{- end }} +
    • + {{- end }} +{{- end }} diff --git a/docs/layouts/_partials/sidebar/section-menu.html b/docs/layouts/_partials/sidebar/section-menu.html new file mode 100644 index 00000000000..c671a8ca011 --- /dev/null +++ b/docs/layouts/_partials/sidebar/section-menu.html @@ -0,0 +1,32 @@ +{{- /* section-menu.html with version toggle */ -}} + +{{- $sidebar := printf "sidebar_%s" .Section -}} +{{- $nodes := slice -}} + +{{- /* Get nodes from menu or section */ -}} +{{- with index site.Menus $sidebar }} +{{- $nodes = . -}} +{{- else }} +{{- with (.Site.GetPage "section" .Section).Sections }} +{{- $nodes = . -}} +{{- end }} +{{- end }} + + + + +
    +
    + {{ partial "sidebar/render-section-menu.html" (dict "currentPage" $ "nodes" $nodes "version" "opensource") }} +
    + +
    + {{ partial "sidebar/render-section-menu.html" (dict "currentPage" $ "nodes" $nodes "version" "pro") }} +
    +
    \ No newline at end of file diff --git a/docs/layouts/home.html b/docs/layouts/home.html index 05a254feae1..a491bfad0fd 100644 --- a/docs/layouts/home.html +++ b/docs/layouts/home.html @@ -7,29 +7,11 @@

    {{ .Title }}

    Official documentation for DefectDojo Pro and Open-Source editions,
    maintained by DefectDojo Inc. and the Open-Source community.

    {{ .Params.lead | safeHTML }}

    - Open The Docs + Open The Docs {{ .Content }}
    -
    -
    -
    -
    -

    Getting Started

    -

    Start your journey with DefectDojo with our New User Checklist.

    -
    -
    -

    Import Data

    -

    Learn how to import data from 190+ supported security tools here.

    -
    -
    -

    Create Reports

    -

    Use the Report Builder to present customizable reports of Findings.

    -
    -
    -
    -
    {{ end }} {{ define "sidebar-prefooter" }} diff --git a/docs/package-lock.json b/docs/package-lock.json index 6fc5bf14538..f3d253590e4 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -9,325 +9,27 @@ "version": "1.8.0", "license": "MIT", "dependencies": { - "@docsearch/css": "4.4.0", - "@docsearch/js": "4.4.0", + "@docsearch/css": "4.5.3", + "@docsearch/js": "4.5.3", "@tabler/icons": "3.36.1", - "@thulite/doks-core": "1.8.3", - "@thulite/images": "3.3.3", - "@thulite/inline-svg": "1.2.1", - "@thulite/seo": "2.4.2", - "thulite": "2.6.3" + "@thulite/doks-core": "1.8.4", + "@thulite/images": "3.3.4", + "@thulite/inline-svg": "1.2.2", + "@thulite/seo": "2.4.3", + "thulite": "2.6.4" }, "devDependencies": { - "prettier": "3.7.4", - "vite": "7.3.0" + "prettier": "3.8.1", + "vite": "7.3.1" }, "engines": { "node": ">=20.11.0" } }, - "node_modules/@ai-sdk/gateway": { - "version": "2.0.23", - "resolved": "https://registry.npmjs.org/@ai-sdk/gateway/-/gateway-2.0.23.tgz", - "integrity": "sha512-qmX7afPRszUqG5hryHF3UN8ITPIRSGmDW6VYCmByzjoUkgm3MekzSx2hMV1wr0P+llDeuXb378SjqUfpvWJulg==", - "license": "Apache-2.0", - "dependencies": { - "@ai-sdk/provider": "2.0.0", - "@ai-sdk/provider-utils": "3.0.19", - "@vercel/oidc": "3.0.5" - }, - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "zod": "^3.25.76 || ^4.1.8" - } - }, - "node_modules/@ai-sdk/provider": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@ai-sdk/provider/-/provider-2.0.0.tgz", - "integrity": "sha512-6o7Y2SeO9vFKB8lArHXehNuusnpddKPk7xqL7T2/b+OvXMRIXUO1rR4wcv1hAFUAT9avGZshty3Wlua/XA7TvA==", - "license": "Apache-2.0", - "dependencies": { - "json-schema": "^0.4.0" - }, - "engines": { - "node": ">=18" - } - }, - "node_modules/@ai-sdk/provider-utils": { - "version": "3.0.19", - "resolved": "https://registry.npmjs.org/@ai-sdk/provider-utils/-/provider-utils-3.0.19.tgz", - "integrity": "sha512-W41Wc9/jbUVXVwCN/7bWa4IKe8MtxO3EyA0Hfhx6grnmiYlCvpI8neSYWFE0zScXJkgA/YK3BRybzgyiXuu6JA==", - "license": "Apache-2.0", - "dependencies": { - "@ai-sdk/provider": "2.0.0", - "@standard-schema/spec": "^1.0.0", - "eventsource-parser": "^3.0.6" - }, - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "zod": "^3.25.76 || ^4.1.8" - } - }, - "node_modules/@ai-sdk/react": { - "version": "2.0.118", - "resolved": "https://registry.npmjs.org/@ai-sdk/react/-/react-2.0.118.tgz", - "integrity": "sha512-K/5VVEGTIu9SWrdQ0s/11OldFU8IjprDzeE6TaC2fOcQWhG7dGVGl9H8Z32QBHzdfJyMhFUxEyFKSOgA2j9+VQ==", - "license": "Apache-2.0", - "dependencies": { - "@ai-sdk/provider-utils": "3.0.19", - "ai": "5.0.116", - "swr": "^2.2.5", - "throttleit": "2.1.0" - }, - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "react": "^18 || ~19.0.1 || ~19.1.2 || ^19.2.1", - "zod": "^3.25.76 || ^4.1.8" - }, - "peerDependenciesMeta": { - "zod": { - "optional": true - } - } - }, - "node_modules/@algolia/abtesting": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/@algolia/abtesting/-/abtesting-1.12.2.tgz", - "integrity": "sha512-oWknd6wpfNrmRcH0vzed3UPX0i17o4kYLM5OMITyMVM2xLgaRbIafoxL0e8mcrNNb0iORCJA0evnNDKRYth5WQ==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/autocomplete-core": { - "version": "1.19.2", - "resolved": "https://registry.npmjs.org/@algolia/autocomplete-core/-/autocomplete-core-1.19.2.tgz", - "integrity": "sha512-mKv7RyuAzXvwmq+0XRK8HqZXt9iZ5Kkm2huLjgn5JoCPtDy+oh9yxUMfDDaVCw0oyzZ1isdJBc7l9nuCyyR7Nw==", - "license": "MIT", - "dependencies": { - "@algolia/autocomplete-plugin-algolia-insights": "1.19.2", - "@algolia/autocomplete-shared": "1.19.2" - } - }, - "node_modules/@algolia/autocomplete-plugin-algolia-insights": { - "version": "1.19.2", - "resolved": "https://registry.npmjs.org/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.19.2.tgz", - "integrity": "sha512-TjxbcC/r4vwmnZaPwrHtkXNeqvlpdyR+oR9Wi2XyfORkiGkLTVhX2j+O9SaCCINbKoDfc+c2PB8NjfOnz7+oKg==", - "license": "MIT", - "dependencies": { - "@algolia/autocomplete-shared": "1.19.2" - }, - "peerDependencies": { - "search-insights": ">= 1 < 3" - } - }, - "node_modules/@algolia/autocomplete-shared": { - "version": "1.19.2", - "resolved": "https://registry.npmjs.org/@algolia/autocomplete-shared/-/autocomplete-shared-1.19.2.tgz", - "integrity": "sha512-jEazxZTVD2nLrC+wYlVHQgpBoBB5KPStrJxLzsIFl6Kqd1AlG9sIAGl39V5tECLpIQzB3Qa2T6ZPJ1ChkwMK/w==", - "license": "MIT", - "peerDependencies": { - "@algolia/client-search": ">= 4.9.1 < 6", - "algoliasearch": ">= 4.9.1 < 6" - } - }, - "node_modules/@algolia/client-abtesting": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/client-abtesting/-/client-abtesting-5.46.2.tgz", - "integrity": "sha512-oRSUHbylGIuxrlzdPA8FPJuwrLLRavOhAmFGgdAvMcX47XsyM+IOGa9tc7/K5SPvBqn4nhppOCEz7BrzOPWc4A==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/client-analytics": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-5.46.2.tgz", - "integrity": "sha512-EPBN2Oruw0maWOF4OgGPfioTvd+gmiNwx0HmD9IgmlS+l75DatcBkKOPNJN+0z3wBQWUO5oq602ATxIfmTQ8bA==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/client-common": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.46.2.tgz", - "integrity": "sha512-Hj8gswSJNKZ0oyd0wWissqyasm+wTz1oIsv5ZmLarzOZAp3vFEda8bpDQ8PUhO+DfkbiLyVnAxsPe4cGzWtqkg==", - "license": "MIT", - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/client-insights": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/client-insights/-/client-insights-5.46.2.tgz", - "integrity": "sha512-6dBZko2jt8FmQcHCbmNLB0kCV079Mx/DJcySTL3wirgDBUH7xhY1pOuUTLMiGkqM5D8moVZTvTdRKZUJRkrwBA==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/client-personalization": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-5.46.2.tgz", - "integrity": "sha512-1waE2Uqh/PHNeDXGn/PM/WrmYOBiUGSVxAWqiJIj73jqPqvfzZgzdakHscIVaDl6Cp+j5dwjsZ5LCgaUr6DtmA==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/client-query-suggestions": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/client-query-suggestions/-/client-query-suggestions-5.46.2.tgz", - "integrity": "sha512-EgOzTZkyDcNL6DV0V/24+oBJ+hKo0wNgyrOX/mePBM9bc9huHxIY2352sXmoZ648JXXY2x//V1kropF/Spx83w==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/client-search": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.46.2.tgz", - "integrity": "sha512-ZsOJqu4HOG5BlvIFnMU0YKjQ9ZI6r3C31dg2jk5kMWPSdhJpYL9xa5hEe7aieE+707dXeMI4ej3diy6mXdZpgA==", - "license": "MIT", - "peer": true, - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/ingestion": { - "version": "1.46.2", - "resolved": "https://registry.npmjs.org/@algolia/ingestion/-/ingestion-1.46.2.tgz", - "integrity": "sha512-1Uw2OslTWiOFDtt83y0bGiErJYy5MizadV0nHnOoHFWMoDqWW0kQoMFI65pXqRSkVvit5zjXSLik2xMiyQJDWQ==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/monitoring": { - "version": "1.46.2", - "resolved": "https://registry.npmjs.org/@algolia/monitoring/-/monitoring-1.46.2.tgz", - "integrity": "sha512-xk9f+DPtNcddWN6E7n1hyNNsATBCHIqAvVGG2EAGHJc4AFYL18uM/kMTiOKXE/LKDPyy1JhIerrh9oYb7RBrgw==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/recommend": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/recommend/-/recommend-5.46.2.tgz", - "integrity": "sha512-NApbTPj9LxGzNw4dYnZmj2BoXiAc8NmbbH6qBNzQgXklGklt/xldTvu+FACN6ltFsTzoNU6j2mWNlHQTKGC5+Q==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/requester-browser-xhr": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.46.2.tgz", - "integrity": "sha512-ekotpCwpSp033DIIrsTpYlGUCF6momkgupRV/FA3m62SreTSZUKjgK6VTNyG7TtYfq9YFm/pnh65bATP/ZWJEg==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/requester-fetch": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.46.2.tgz", - "integrity": "sha512-gKE+ZFi/6y7saTr34wS0SqYFDcjHW4Wminv8PDZEi0/mE99+hSrbKgJWxo2ztb5eqGirQTgIh1AMVacGGWM1iw==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, - "node_modules/@algolia/requester-node-http": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.46.2.tgz", - "integrity": "sha512-ciPihkletp7ttweJ8Zt+GukSVLp2ANJHU+9ttiSxsJZThXc4Y2yJ8HGVWesW5jN1zrsZsezN71KrMx/iZsOYpg==", - "license": "MIT", - "dependencies": { - "@algolia/client-common": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, "node_modules/@babel/cli": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/cli/-/cli-7.28.3.tgz", - "integrity": "sha512-n1RU5vuCX0CsaqaXm9I0KUCNKNQMy5epmzl/xdSSm70bSqhg9GWhgeosypyQLc0bK24+Xpk1WGzZlI9pJtkZdg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/cli/-/cli-7.28.6.tgz", + "integrity": "sha512-6EUNcuBbNkj08Oj4gAZ+BUU8yLCgKzgVX4gaTh09Ya2C8ICM4P+G30g4m3akRxSYAp3A/gnWchrNst7px4/nUQ==", "license": "MIT", "dependencies": { "@jridgewell/trace-mapping": "^0.3.28", @@ -354,12 +56,12 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz", - "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.28.6.tgz", + "integrity": "sha512-JYgintcMjRiCvS8mMECzaEn+m3PfoQiyqukOMCCVQtoJGYJw8j/8LBJEiqkHLkfwCcs74E3pbAUFNg7d9VNJ+Q==", "license": "MIT", "dependencies": { - "@babel/helper-validator-identifier": "^7.27.1", + "@babel/helper-validator-identifier": "^7.28.5", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" }, @@ -368,30 +70,30 @@ } }, "node_modules/@babel/compat-data": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.4.tgz", - "integrity": "sha512-YsmSKC29MJwf0gF8Rjjrg5LQCmyh+j/nD8/eP7f+BeoQTKYqs9RoWbjGOdy0+1Ekr68RJZMUOPVQaQisnIo4Rw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.6.tgz", + "integrity": "sha512-2lfu57JtzctfIrcGMz992hyLlByuzgIk58+hhGCxjKZ3rWI82NnVLjXcaTqkI2NvlcvOskZaiZ5kjUALo3Lpxg==", "license": "MIT", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/core": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz", - "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.6.tgz", + "integrity": "sha512-H3mcG6ZDLTlYfaSNi0iOKkigqMFvkTKlGUYlD8GW7nNOYRrevuA46iTypPyv+06V3fEmvvazfntkBU34L0azAw==", "license": "MIT", "peer": true, "dependencies": { - "@babel/code-frame": "^7.27.1", - "@babel/generator": "^7.28.3", - "@babel/helper-compilation-targets": "^7.27.2", - "@babel/helper-module-transforms": "^7.28.3", - "@babel/helpers": "^7.28.4", - "@babel/parser": "^7.28.4", - "@babel/template": "^7.27.2", - "@babel/traverse": "^7.28.4", - "@babel/types": "^7.28.4", + "@babel/code-frame": "^7.28.6", + "@babel/generator": "^7.28.6", + "@babel/helper-compilation-targets": "^7.28.6", + "@babel/helper-module-transforms": "^7.28.6", + "@babel/helpers": "^7.28.6", + "@babel/parser": "^7.28.6", + "@babel/template": "^7.28.6", + "@babel/traverse": "^7.28.6", + "@babel/types": "^7.28.6", "@jridgewell/remapping": "^2.3.5", "convert-source-map": "^2.0.0", "debug": "^4.1.0", @@ -408,13 +110,13 @@ } }, "node_modules/@babel/generator": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.3.tgz", - "integrity": "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.6.tgz", + "integrity": "sha512-lOoVRwADj8hjf7al89tvQ2a1lf53Z+7tiXMgpZJL3maQPDxh0DgLMN62B2MKUOFcoodBHLMbDM6WAbKgNy5Suw==", "license": "MIT", "dependencies": { - "@babel/parser": "^7.28.3", - "@babel/types": "^7.28.2", + "@babel/parser": "^7.28.6", + "@babel/types": "^7.28.6", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" @@ -436,12 +138,12 @@ } }, "node_modules/@babel/helper-compilation-targets": { - "version": "7.27.2", - "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz", - "integrity": "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.28.6.tgz", + "integrity": "sha512-JYtls3hqi15fcx5GaSNL7SCTJ2MNmjrkHXg4FSpOA/grxK8KwyZ5bubHsCq8FXCkua6xhuaaBit+3b7+VZRfcA==", "license": "MIT", "dependencies": { - "@babel/compat-data": "^7.27.2", + "@babel/compat-data": "^7.28.6", "@babel/helper-validator-option": "^7.27.1", "browserslist": "^4.24.0", "lru-cache": "^5.1.1", @@ -452,17 +154,17 @@ } }, "node_modules/@babel/helper-create-class-features-plugin": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.28.3.tgz", - "integrity": "sha512-V9f6ZFIYSLNEbuGA/92uOvYsGCJNsuA8ESZ4ldc09bWk/j8H8TKiPw8Mk1eG6olpnO0ALHJmYfZvF4MEE4gajg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.28.6.tgz", + "integrity": "sha512-dTOdvsjnG3xNT9Y0AUg1wAl38y+4Rl4sf9caSQZOXdNqVn+H+HbbJ4IyyHaIqNR6SW9oJpA/RuRjsjCw2IdIow==", "license": "MIT", "dependencies": { "@babel/helper-annotate-as-pure": "^7.27.3", - "@babel/helper-member-expression-to-functions": "^7.27.1", + "@babel/helper-member-expression-to-functions": "^7.28.5", "@babel/helper-optimise-call-expression": "^7.27.1", - "@babel/helper-replace-supers": "^7.27.1", + "@babel/helper-replace-supers": "^7.28.6", "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1", - "@babel/traverse": "^7.28.3", + "@babel/traverse": "^7.28.6", "semver": "^6.3.1" }, "engines": { @@ -473,13 +175,13 @@ } }, "node_modules/@babel/helper-create-regexp-features-plugin": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.27.1.tgz", - "integrity": "sha512-uVDC72XVf8UbrH5qQTc18Agb8emwjTiZrQE11Nv3CuBEZmVvTwwE9CBUEvHku06gQCAyYf8Nv6ja1IN+6LMbxQ==", + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.28.5.tgz", + "integrity": "sha512-N1EhvLtHzOvj7QQOUCCS3NrPJP8c5W6ZXCHDn7Yialuy1iu4r5EmIYkXlKNqT99Ciw+W0mDqWoR6HWMZlFP3hw==", "license": "MIT", "dependencies": { - "@babel/helper-annotate-as-pure": "^7.27.1", - "regexpu-core": "^6.2.0", + "@babel/helper-annotate-as-pure": "^7.27.3", + "regexpu-core": "^6.3.1", "semver": "^6.3.1" }, "engines": { @@ -515,40 +217,40 @@ } }, "node_modules/@babel/helper-member-expression-to-functions": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.27.1.tgz", - "integrity": "sha512-E5chM8eWjTp/aNoVpcbfM7mLxu9XGLWYise2eBKGQomAk/Mb4XoxyqXTZbuTohbsl8EKqdlMhnDI2CCLfcs9wA==", + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.28.5.tgz", + "integrity": "sha512-cwM7SBRZcPCLgl8a7cY0soT1SptSzAlMH39vwiRpOQkJlh53r5hdHwLSCZpQdVLT39sZt+CRpNwYG4Y2v77atg==", "license": "MIT", "dependencies": { - "@babel/traverse": "^7.27.1", - "@babel/types": "^7.27.1" + "@babel/traverse": "^7.28.5", + "@babel/types": "^7.28.5" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-module-imports": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz", - "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.28.6.tgz", + "integrity": "sha512-l5XkZK7r7wa9LucGw9LwZyyCUscb4x37JWTPz7swwFE/0FMQAGpiWUZn8u9DzkSBWEcK25jmvubfpw2dnAMdbw==", "license": "MIT", "dependencies": { - "@babel/traverse": "^7.27.1", - "@babel/types": "^7.27.1" + "@babel/traverse": "^7.28.6", + "@babel/types": "^7.28.6" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-module-transforms": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz", - "integrity": "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.6.tgz", + "integrity": "sha512-67oXFAYr2cDLDVGLXTEABjdBJZ6drElUSI7WKp70NrpyISso3plG9SAGEF6y7zbha/wOzUByWWTJvEDVNIUGcA==", "license": "MIT", "dependencies": { - "@babel/helper-module-imports": "^7.27.1", - "@babel/helper-validator-identifier": "^7.27.1", - "@babel/traverse": "^7.28.3" + "@babel/helper-module-imports": "^7.28.6", + "@babel/helper-validator-identifier": "^7.28.5", + "@babel/traverse": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -570,9 +272,9 @@ } }, "node_modules/@babel/helper-plugin-utils": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz", - "integrity": "sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.28.6.tgz", + "integrity": "sha512-S9gzZ/bz83GRysI7gAD4wPT/AI3uCnY+9xn+Mx/KPs2JwHJIz1W8PZkg2cqyt3RNOBM8ejcXhV6y8Og7ly/Dug==", "license": "MIT", "engines": { "node": ">=6.9.0" @@ -596,14 +298,14 @@ } }, "node_modules/@babel/helper-replace-supers": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.27.1.tgz", - "integrity": "sha512-7EHz6qDZc8RYS5ElPoShMheWvEgERonFCs7IAonWLLUTXW59DP14bCZt89/GKyreYn8g3S83m21FelHKbeDCKA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.28.6.tgz", + "integrity": "sha512-mq8e+laIk94/yFec3DxSjCRD2Z0TAjhVbEJY3UQrlwVo15Lmt7C2wAUbK4bjnTs4APkwsYLTahXRraQXhb1WCg==", "license": "MIT", "dependencies": { - "@babel/helper-member-expression-to-functions": "^7.27.1", + "@babel/helper-member-expression-to-functions": "^7.28.5", "@babel/helper-optimise-call-expression": "^7.27.1", - "@babel/traverse": "^7.27.1" + "@babel/traverse": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -635,9 +337,9 @@ } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz", - "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==", + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz", + "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==", "license": "MIT", "engines": { "node": ">=6.9.0" @@ -653,39 +355,39 @@ } }, "node_modules/@babel/helper-wrap-function": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.28.3.tgz", - "integrity": "sha512-zdf983tNfLZFletc0RRXYrHrucBEg95NIFMkn6K9dbeMYnsgHaSBGcQqdsCSStG2PYwRre0Qc2NNSCXbG+xc6g==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.28.6.tgz", + "integrity": "sha512-z+PwLziMNBeSQJonizz2AGnndLsP2DeGHIxDAn+wdHOGuo4Fo1x1HBPPXeE9TAOPHNNWQKCSlA2VZyYyyibDnQ==", "license": "MIT", "dependencies": { - "@babel/template": "^7.27.2", - "@babel/traverse": "^7.28.3", - "@babel/types": "^7.28.2" + "@babel/template": "^7.28.6", + "@babel/traverse": "^7.28.6", + "@babel/types": "^7.28.6" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helpers": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz", - "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.6.tgz", + "integrity": "sha512-xOBvwq86HHdB7WUDTfKfT/Vuxh7gElQ+Sfti2Cy6yIWNW05P8iUslOVcZ4/sKbE+/jQaukQAdz/gf3724kYdqw==", "license": "MIT", "dependencies": { - "@babel/template": "^7.27.2", - "@babel/types": "^7.28.4" + "@babel/template": "^7.28.6", + "@babel/types": "^7.28.6" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/parser": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.4.tgz", - "integrity": "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.6.tgz", + "integrity": "sha512-TeR9zWR18BvbfPmGbLampPMW+uW1NZnJlRuuHso8i87QZNq2JRF9i6RgxRqtEq+wQGsS19NNTWr2duhnE49mfQ==", "license": "MIT", "dependencies": { - "@babel/types": "^7.28.4" + "@babel/types": "^7.28.6" }, "bin": { "parser": "bin/babel-parser.js" @@ -695,13 +397,13 @@ } }, "node_modules/@babel/plugin-bugfix-firefox-class-in-computed-class-key": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.27.1.tgz", - "integrity": "sha512-QPG3C9cCVRQLxAVwmefEmwdTanECuUBMQZ/ym5kiw3XKCGA7qkuQLcjWWHcrD/GKbn/WmJwaezfuuAOcyKlRPA==", + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.28.5.tgz", + "integrity": "sha512-87GDMS3tsmMSi/3bWOte1UblL+YUTFMV8SZPZ2eSEL17s74Cw/l63rR6NmGVKMYW2GYi85nE+/d6Hw5N0bEk2Q==", "license": "MIT", "dependencies": { "@babel/helper-plugin-utils": "^7.27.1", - "@babel/traverse": "^7.27.1" + "@babel/traverse": "^7.28.5" }, "engines": { "node": ">=6.9.0" @@ -758,13 +460,13 @@ } }, "node_modules/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.28.3.tgz", - "integrity": "sha512-b6YTX108evsvE4YgWyQ921ZAFFQm3Bn+CA3+ZXlNVnPhx+UfsVURoPjfGAPCjBgrqo30yX/C2nZGX96DxvR9Iw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.28.6.tgz", + "integrity": "sha512-a0aBScVTlNaiUe35UtfxAN7A/tehvvG4/ByO6+46VPKTRSlfnAFsgKy0FUh+qAkQrDTmhDkT+IBOKlOoMUxQ0g==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1", - "@babel/traverse": "^7.28.3" + "@babel/helper-plugin-utils": "^7.28.6", + "@babel/traverse": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -786,12 +488,12 @@ } }, "node_modules/@babel/plugin-syntax-import-assertions": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.27.1.tgz", - "integrity": "sha512-UT/Jrhw57xg4ILHLFnzFpPDlMbcdEicaAtjPQpbj9wa8T4r5KVWCimHcL/460g8Ht0DMxDyjsLgiWSkVjnwPFg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.28.6.tgz", + "integrity": "sha512-pSJUpFHdx9z5nqTSirOCMtYVP2wFgoWhP0p3g8ONK/4IHhLIBd0B9NYqAvIUAhq+OkhO4VM1tENCt0cjlsNShw==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -801,12 +503,12 @@ } }, "node_modules/@babel/plugin-syntax-import-attributes": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.27.1.tgz", - "integrity": "sha512-oFT0FrKHgF53f4vOsZGi2Hh3I35PfSmVs4IBFLFj4dnafP+hIWDLg3VyKmUHfLoLHlyxY4C7DGtmHuJgn+IGww==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.28.6.tgz", + "integrity": "sha512-jiLC0ma9XkQT3TKJ9uYvlakm66Pamywo+qwL+oL8HJOvc6TWdZXVfhqJr8CCzbSGUAbDOzlGHJC1U+vRfLQDvw==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -847,14 +549,14 @@ } }, "node_modules/@babel/plugin-transform-async-generator-functions": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.28.0.tgz", - "integrity": "sha512-BEOdvX4+M765icNPZeidyADIvQ1m1gmunXufXxvRESy/jNNyfovIqUyE7MVgGBjWktCoJlzvFA1To2O4ymIO3Q==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.28.6.tgz", + "integrity": "sha512-9knsChgsMzBV5Yh3kkhrZNxH3oCYAfMBkNNaVN4cP2RVlFPe8wYdwwcnOsAbkdDoV9UjFtOXWrWB52M8W4jNeA==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-plugin-utils": "^7.28.6", "@babel/helper-remap-async-to-generator": "^7.27.1", - "@babel/traverse": "^7.28.0" + "@babel/traverse": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -864,13 +566,13 @@ } }, "node_modules/@babel/plugin-transform-async-to-generator": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.27.1.tgz", - "integrity": "sha512-NREkZsZVJS4xmTr8qzE5y8AfIPqsdQfRuUiLRTEzb7Qii8iFWCyDKaUV2c0rCuh4ljDZ98ALHP/PetiBV2nddA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.28.6.tgz", + "integrity": "sha512-ilTRcmbuXjsMmcZ3HASTe4caH5Tpo93PkTxF9oG2VZsSWsahydmcEHhix9Ik122RcTnZnUzPbmux4wh1swfv7g==", "license": "MIT", "dependencies": { - "@babel/helper-module-imports": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-module-imports": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6", "@babel/helper-remap-async-to-generator": "^7.27.1" }, "engines": { @@ -896,12 +598,12 @@ } }, "node_modules/@babel/plugin-transform-block-scoping": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.28.4.tgz", - "integrity": "sha512-1yxmvN0MJHOhPVmAsmoW5liWwoILobu/d/ShymZmj867bAdxGbehIrew1DuLpw2Ukv+qDSSPQdYW1dLNE7t11A==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.28.6.tgz", + "integrity": "sha512-tt/7wOtBmwHPNMPu7ax4pdPz6shjFrmHDghvNC+FG9Qvj7D6mJcoRQIF5dy4njmxR941l6rgtvfSB2zX3VlUIw==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -911,13 +613,13 @@ } }, "node_modules/@babel/plugin-transform-class-properties": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.27.1.tgz", - "integrity": "sha512-D0VcalChDMtuRvJIu3U/fwWjf8ZMykz5iZsg77Nuj821vCKI3zCyRLwRdWbsuJ/uRwZhZ002QtCqIkwC/ZkvbA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.28.6.tgz", + "integrity": "sha512-dY2wS3I2G7D697VHndN91TJr8/AAfXQNt5ynCTI/MpxMsSzHp+52uNivYT5wCPax3whc47DR8Ba7cmlQMg24bw==", "license": "MIT", "dependencies": { - "@babel/helper-create-class-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-class-features-plugin": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -927,13 +629,13 @@ } }, "node_modules/@babel/plugin-transform-class-static-block": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.28.3.tgz", - "integrity": "sha512-LtPXlBbRoc4Njl/oh1CeD/3jC+atytbnf/UqLoqTDcEYGUPj022+rvfkbDYieUrSj3CaV4yHDByPE+T2HwfsJg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.28.6.tgz", + "integrity": "sha512-rfQ++ghVwTWTqQ7w8qyDxL1XGihjBss4CmTgGRCTAC9RIbhVpyp4fOeZtta0Lbf+dTNIVJer6ych2ibHwkZqsQ==", "license": "MIT", "dependencies": { - "@babel/helper-create-class-features-plugin": "^7.28.3", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-class-features-plugin": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -943,17 +645,17 @@ } }, "node_modules/@babel/plugin-transform-classes": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.28.4.tgz", - "integrity": "sha512-cFOlhIYPBv/iBoc+KS3M6et2XPtbT2HiCRfBXWtfpc9OAyostldxIf9YAYB6ypURBBbx+Qv6nyrLzASfJe+hBA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.28.6.tgz", + "integrity": "sha512-EF5KONAqC5zAqT783iMGuM2ZtmEBy+mJMOKl2BCvPZ2lVrwvXnB6o+OBWCS+CoeCCpVRF2sA2RBKUxvT8tQT5Q==", "license": "MIT", "dependencies": { "@babel/helper-annotate-as-pure": "^7.27.3", - "@babel/helper-compilation-targets": "^7.27.2", + "@babel/helper-compilation-targets": "^7.28.6", "@babel/helper-globals": "^7.28.0", - "@babel/helper-plugin-utils": "^7.27.1", - "@babel/helper-replace-supers": "^7.27.1", - "@babel/traverse": "^7.28.4" + "@babel/helper-plugin-utils": "^7.28.6", + "@babel/helper-replace-supers": "^7.28.6", + "@babel/traverse": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -963,13 +665,13 @@ } }, "node_modules/@babel/plugin-transform-computed-properties": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.27.1.tgz", - "integrity": "sha512-lj9PGWvMTVksbWiDT2tW68zGS/cyo4AkZ/QTp0sQT0mjPopCmrSkzxeXkznjqBxzDI6TclZhOJbBmbBLjuOZUw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.28.6.tgz", + "integrity": "sha512-bcc3k0ijhHbc2lEfpFHgx7eYw9KNXqOerKWfzbxEHUGKnS3sz9C4CNL9OiFN1297bDNfUiSO7DaLzbvHQQQ1BQ==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1", - "@babel/template": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6", + "@babel/template": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -979,13 +681,13 @@ } }, "node_modules/@babel/plugin-transform-destructuring": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.28.0.tgz", - "integrity": "sha512-v1nrSMBiKcodhsyJ4Gf+Z0U/yawmJDBOTpEB3mcQY52r9RIyPneGyAS/yM6seP/8I+mWI3elOMtT5dB8GJVs+A==", + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.28.5.tgz", + "integrity": "sha512-Kl9Bc6D0zTUcFUvkNuQh4eGXPKKNDOJQXVyyM4ZAQPMveniJdxi8XMJwLo+xSoW3MIq81bD33lcUe9kZpl0MCw==", "license": "MIT", "dependencies": { "@babel/helper-plugin-utils": "^7.27.1", - "@babel/traverse": "^7.28.0" + "@babel/traverse": "^7.28.5" }, "engines": { "node": ">=6.9.0" @@ -995,13 +697,13 @@ } }, "node_modules/@babel/plugin-transform-dotall-regex": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.27.1.tgz", - "integrity": "sha512-gEbkDVGRvjj7+T1ivxrfgygpT7GUd4vmODtYpbs0gZATdkX8/iSnOtZSxiZnsgm1YjTgjI6VKBGSJJevkrclzw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.28.6.tgz", + "integrity": "sha512-SljjowuNKB7q5Oayv4FoPzeB74g3QgLt8IVJw9ADvWy3QnUb/01aw8I4AVv8wYnPvQz2GDDZ/g3GhcNyDBI4Bg==", "license": "MIT", "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-regexp-features-plugin": "^7.28.5", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1026,13 +728,13 @@ } }, "node_modules/@babel/plugin-transform-duplicate-named-capturing-groups-regex": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.27.1.tgz", - "integrity": "sha512-hkGcueTEzuhB30B3eJCbCYeCaaEQOmQR0AdvzpD4LoN0GXMWzzGSuRrxR2xTnCrvNbVwK9N6/jQ92GSLfiZWoQ==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.28.6.tgz", + "integrity": "sha512-5suVoXjC14lUN6ZL9OLKIHCNVWCrqGqlmEp/ixdXjvgnEl/kauLvvMO/Xw9NyMc95Joj1AeLVPVMvibBgSoFlA==", "license": "MIT", "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-regexp-features-plugin": "^7.28.5", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1057,13 +759,13 @@ } }, "node_modules/@babel/plugin-transform-explicit-resource-management": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-explicit-resource-management/-/plugin-transform-explicit-resource-management-7.28.0.tgz", - "integrity": "sha512-K8nhUcn3f6iB+P3gwCv/no7OdzOZQcKchW6N389V6PD8NUWKZHzndOd9sPDVbMoBsbmjMqlB4L9fm+fEFNVlwQ==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-explicit-resource-management/-/plugin-transform-explicit-resource-management-7.28.6.tgz", + "integrity": "sha512-Iao5Konzx2b6g7EPqTy40UZbcdXE126tTxVFr/nAIj+WItNxjKSYTEw3RC+A2/ZetmdJsgueL1KhaMCQHkLPIg==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1", - "@babel/plugin-transform-destructuring": "^7.28.0" + "@babel/helper-plugin-utils": "^7.28.6", + "@babel/plugin-transform-destructuring": "^7.28.5" }, "engines": { "node": ">=6.9.0" @@ -1073,12 +775,12 @@ } }, "node_modules/@babel/plugin-transform-exponentiation-operator": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.27.1.tgz", - "integrity": "sha512-uspvXnhHvGKf2r4VVtBpeFnuDWsJLQ6MF6lGJLC89jBR1uoVeqM416AZtTuhTezOfgHicpJQmoD5YUakO/YmXQ==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.28.6.tgz", + "integrity": "sha512-WitabqiGjV/vJ0aPOLSFfNY1u9U3R7W36B03r5I2KoNix+a3sOhJ3pKFB3R5It9/UiK78NiO0KE9P21cMhlPkw==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1136,12 +838,12 @@ } }, "node_modules/@babel/plugin-transform-json-strings": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.27.1.tgz", - "integrity": "sha512-6WVLVJiTjqcQauBhn1LkICsR2H+zm62I3h9faTDKt1qP4jn2o72tSvqMwtGFKGTpojce0gJs+76eZ2uCHRZh0Q==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.28.6.tgz", + "integrity": "sha512-Nr+hEN+0geQkzhbdgQVPoqr47lZbm+5fCUmO70722xJZd0Mvb59+33QLImGj6F+DkK3xgDi1YVysP8whD6FQAw==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1166,12 +868,12 @@ } }, "node_modules/@babel/plugin-transform-logical-assignment-operators": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.27.1.tgz", - "integrity": "sha512-SJvDs5dXxiae4FbSL1aBJlG4wvl594N6YEVVn9e3JGulwioy6z3oPjx/sQBO3Y4NwUu5HNix6KJ3wBZoewcdbw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.28.6.tgz", + "integrity": "sha512-+anKKair6gpi8VsM/95kmomGNMD0eLz1NQ8+Pfw5sAwWH9fGYXT50E55ZpV0pHUHWf6IUTWPM+f/7AAff+wr9A==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1212,13 +914,13 @@ } }, "node_modules/@babel/plugin-transform-modules-commonjs": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.27.1.tgz", - "integrity": "sha512-OJguuwlTYlN0gBZFRPqwOGNWssZjfIUdS7HMYtN8c1KmwpwHFBwTeFZrg9XZa+DFTitWOW5iTAG7tyCUPsCCyw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.28.6.tgz", + "integrity": "sha512-jppVbf8IV9iWWwWTQIxJMAJCWBuuKx71475wHwYytrRGQ2CWiDvYlADQno3tcYpS/T2UUWFQp3nVtYfK/YBQrA==", "license": "MIT", "dependencies": { - "@babel/helper-module-transforms": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-module-transforms": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1228,15 +930,15 @@ } }, "node_modules/@babel/plugin-transform-modules-systemjs": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.27.1.tgz", - "integrity": "sha512-w5N1XzsRbc0PQStASMksmUeqECuzKuTJer7kFagK8AXgpCMkeDMO5S+aaFb7A51ZYDF7XI34qsTX+fkHiIm5yA==", + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.28.5.tgz", + "integrity": "sha512-vn5Jma98LCOeBy/KpeQhXcV2WZgaRUtjwQmjoBuLNlOmkg0fB5pdvYVeWRYI69wWKwK2cD1QbMiUQnoujWvrew==", "license": "MIT", "dependencies": { - "@babel/helper-module-transforms": "^7.27.1", + "@babel/helper-module-transforms": "^7.28.3", "@babel/helper-plugin-utils": "^7.27.1", - "@babel/helper-validator-identifier": "^7.27.1", - "@babel/traverse": "^7.27.1" + "@babel/helper-validator-identifier": "^7.28.5", + "@babel/traverse": "^7.28.5" }, "engines": { "node": ">=6.9.0" @@ -1293,12 +995,12 @@ } }, "node_modules/@babel/plugin-transform-nullish-coalescing-operator": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.27.1.tgz", - "integrity": "sha512-aGZh6xMo6q9vq1JGcw58lZ1Z0+i0xB2x0XaauNIUXd6O1xXc3RwoWEBlsTQrY4KQ9Jf0s5rgD6SiNkaUdJegTA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.28.6.tgz", + "integrity": "sha512-3wKbRgmzYbw24mDJXT7N+ADXw8BC/imU9yo9c9X9NKaLF1fW+e5H1U5QjMUBe4Qo4Ox/o++IyUkl1sVCLgevKg==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1308,12 +1010,12 @@ } }, "node_modules/@babel/plugin-transform-numeric-separator": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.27.1.tgz", - "integrity": "sha512-fdPKAcujuvEChxDBJ5c+0BTaS6revLV7CJL08e4m3de8qJfNIuCc2nc7XJYOjBoTMJeqSmwXJ0ypE14RCjLwaw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.28.6.tgz", + "integrity": "sha512-SJR8hPynj8outz+SlStQSwvziMN4+Bq99it4tMIf5/Caq+3iOc0JtKyse8puvyXkk3eFRIA5ID/XfunGgO5i6w==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1323,16 +1025,16 @@ } }, "node_modules/@babel/plugin-transform-object-rest-spread": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.28.4.tgz", - "integrity": "sha512-373KA2HQzKhQCYiRVIRr+3MjpCObqzDlyrM6u4I201wL8Mp2wHf7uB8GhDwis03k2ti8Zr65Zyyqs1xOxUF/Ew==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.28.6.tgz", + "integrity": "sha512-5rh+JR4JBC4pGkXLAcYdLHZjXudVxWMXbB6u6+E9lRL5TrGVbHt1TjxGbZ8CkmYw9zjkB7jutzOROArsqtncEA==", "license": "MIT", "dependencies": { - "@babel/helper-compilation-targets": "^7.27.2", - "@babel/helper-plugin-utils": "^7.27.1", - "@babel/plugin-transform-destructuring": "^7.28.0", + "@babel/helper-compilation-targets": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6", + "@babel/plugin-transform-destructuring": "^7.28.5", "@babel/plugin-transform-parameters": "^7.27.7", - "@babel/traverse": "^7.28.4" + "@babel/traverse": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1358,12 +1060,12 @@ } }, "node_modules/@babel/plugin-transform-optional-catch-binding": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.27.1.tgz", - "integrity": "sha512-txEAEKzYrHEX4xSZN4kJ+OfKXFVSWKB2ZxM9dpcE3wT7smwkNmXo5ORRlVzMVdJbD+Q8ILTgSD7959uj+3Dm3Q==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.28.6.tgz", + "integrity": "sha512-R8ja/Pyrv0OGAvAXQhSTmWyPJPml+0TMqXlO5w+AsMEiwb2fg3WkOvob7UxFSL3OIttFSGSRFKQsOhJ/X6HQdQ==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1373,12 +1075,12 @@ } }, "node_modules/@babel/plugin-transform-optional-chaining": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.27.1.tgz", - "integrity": "sha512-BQmKPPIuc8EkZgNKsv0X4bPmOoayeu4F1YCwx2/CfmDSXDbp7GnzlUH+/ul5VGfRg1AoFPsrIThlEBj2xb4CAg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.28.6.tgz", + "integrity": "sha512-A4zobikRGJTsX9uqVFdafzGkqD30t26ck2LmOzAuLL8b2x6k3TIqRiT2xVvA9fNmFeTX484VpsdgmKNA0bS23w==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-plugin-utils": "^7.28.6", "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1" }, "engines": { @@ -1404,13 +1106,13 @@ } }, "node_modules/@babel/plugin-transform-private-methods": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.27.1.tgz", - "integrity": "sha512-10FVt+X55AjRAYI9BrdISN9/AQWHqldOeZDUoLyif1Kn05a56xVBXb8ZouL8pZ9jem8QpXaOt8TS7RHUIS+GPA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.28.6.tgz", + "integrity": "sha512-piiuapX9CRv7+0st8lmuUlRSmX6mBcVeNQ1b4AYzJxfCMuBfB0vBXDiGSmm03pKJw1v6cZ8KSeM+oUnM6yAExg==", "license": "MIT", "dependencies": { - "@babel/helper-create-class-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-class-features-plugin": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1420,14 +1122,14 @@ } }, "node_modules/@babel/plugin-transform-private-property-in-object": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.27.1.tgz", - "integrity": "sha512-5J+IhqTi1XPa0DXF83jYOaARrX+41gOewWbkPyjMNRDqgOCqdffGh8L3f/Ek5utaEBZExjSAzcyjmV9SSAWObQ==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.28.6.tgz", + "integrity": "sha512-b97jvNSOb5+ehyQmBpmhOCiUC5oVK4PMnpRvO7+ymFBoqYjeDHIU9jnrNUuwHOiL9RpGDoKBpSViarV+BU+eVA==", "license": "MIT", "dependencies": { - "@babel/helper-annotate-as-pure": "^7.27.1", - "@babel/helper-create-class-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-annotate-as-pure": "^7.27.3", + "@babel/helper-create-class-features-plugin": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1452,12 +1154,12 @@ } }, "node_modules/@babel/plugin-transform-regenerator": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.28.4.tgz", - "integrity": "sha512-+ZEdQlBoRg9m2NnzvEeLgtvBMO4tkFBw5SQIUgLICgTrumLoU7lr+Oghi6km2PFj+dbUt2u1oby2w3BDO9YQnA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.28.6.tgz", + "integrity": "sha512-eZhoEZHYQLL5uc1gS5e9/oTknS0sSSAtd5TkKMUp3J+S/CaUjagc0kOUPsEbDmMeva0nC3WWl4SxVY6+OBuxfw==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1467,13 +1169,13 @@ } }, "node_modules/@babel/plugin-transform-regexp-modifiers": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.27.1.tgz", - "integrity": "sha512-TtEciroaiODtXvLZv4rmfMhkCv8jx3wgKpL68PuiPh2M4fvz5jhsA7697N1gMvkvr/JTF13DrFYyEbY9U7cVPA==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.28.6.tgz", + "integrity": "sha512-QGWAepm9qxpaIs7UM9FvUSnCGlb8Ua1RhyM4/veAxLwt3gMat/LSGrZixyuj4I6+Kn9iwvqCyPTtbdxanYoWYg==", "license": "MIT", "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-regexp-features-plugin": "^7.28.5", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1513,12 +1215,12 @@ } }, "node_modules/@babel/plugin-transform-spread": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.27.1.tgz", - "integrity": "sha512-kpb3HUqaILBJcRFVhFUs6Trdd4mkrzcGXss+6/mxUd273PfbWqSDHRzMT2234gIg2QYfAjvXLSquP1xECSg09Q==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.28.6.tgz", + "integrity": "sha512-9U4QObUC0FtJl05AsUcodau/RWDytrU6uKgkxu09mLR9HLDAtUMoPuuskm5huQsoktmsYpI+bGmq+iapDcriKA==", "license": "MIT", "dependencies": { - "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-plugin-utils": "^7.28.6", "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1" }, "engines": { @@ -1589,13 +1291,13 @@ } }, "node_modules/@babel/plugin-transform-unicode-property-regex": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.27.1.tgz", - "integrity": "sha512-uW20S39PnaTImxp39O5qFlHLS9LJEmANjMG7SxIhap8rCHqu0Ik+tLEPX5DKmHn6CsWQ7j3lix2tFOa5YtL12Q==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.28.6.tgz", + "integrity": "sha512-4Wlbdl/sIZjzi/8St0evF0gEZrgOswVO6aOzqxh1kDZOl9WmLrHq2HtGhnOJZmHZYKP8WZ1MDLCt5DAWwRo57A==", "license": "MIT", "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-regexp-features-plugin": "^7.28.5", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1621,13 +1323,13 @@ } }, "node_modules/@babel/plugin-transform-unicode-sets-regex": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.27.1.tgz", - "integrity": "sha512-EtkOujbc4cgvb0mlpQefi4NTPBzhSIevblFevACNLUspmrALgmEBdL/XfnyyITfd8fKBZrZys92zOWcik7j9Tw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.28.6.tgz", + "integrity": "sha512-/wHc/paTUmsDYN7SZkpWxogTOBNnlx7nBQYfy6JJlCT7G3mVhltk3e++N7zV0XfgGsrqBxd4rJQt9H16I21Y1Q==", "license": "MIT", "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1" + "@babel/helper-create-regexp-features-plugin": "^7.28.5", + "@babel/helper-plugin-utils": "^7.28.6" }, "engines": { "node": ">=6.9.0" @@ -1637,75 +1339,75 @@ } }, "node_modules/@babel/preset-env": { - "version": "7.28.3", - "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.28.3.tgz", - "integrity": "sha512-ROiDcM+GbYVPYBOeCR6uBXKkQpBExLl8k9HO1ygXEyds39j+vCCsjmj7S8GOniZQlEs81QlkdJZe76IpLSiqpg==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.28.6.tgz", + "integrity": "sha512-GaTI4nXDrs7l0qaJ6Rg06dtOXTBCG6TMDB44zbqofCIC4PqC7SEvmFFtpxzCDw9W5aJ7RKVshgXTLvLdBFV/qw==", "license": "MIT", "dependencies": { - "@babel/compat-data": "^7.28.0", - "@babel/helper-compilation-targets": "^7.27.2", - "@babel/helper-plugin-utils": "^7.27.1", + "@babel/compat-data": "^7.28.6", + "@babel/helper-compilation-targets": "^7.28.6", + "@babel/helper-plugin-utils": "^7.28.6", "@babel/helper-validator-option": "^7.27.1", - "@babel/plugin-bugfix-firefox-class-in-computed-class-key": "^7.27.1", + "@babel/plugin-bugfix-firefox-class-in-computed-class-key": "^7.28.5", "@babel/plugin-bugfix-safari-class-field-initializer-scope": "^7.27.1", "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.27.1", "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.27.1", - "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.28.3", + "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.28.6", "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2", - "@babel/plugin-syntax-import-assertions": "^7.27.1", - "@babel/plugin-syntax-import-attributes": "^7.27.1", + "@babel/plugin-syntax-import-assertions": "^7.28.6", + "@babel/plugin-syntax-import-attributes": "^7.28.6", "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6", "@babel/plugin-transform-arrow-functions": "^7.27.1", - "@babel/plugin-transform-async-generator-functions": "^7.28.0", - "@babel/plugin-transform-async-to-generator": "^7.27.1", + "@babel/plugin-transform-async-generator-functions": "^7.28.6", + "@babel/plugin-transform-async-to-generator": "^7.28.6", "@babel/plugin-transform-block-scoped-functions": "^7.27.1", - "@babel/plugin-transform-block-scoping": "^7.28.0", - "@babel/plugin-transform-class-properties": "^7.27.1", - "@babel/plugin-transform-class-static-block": "^7.28.3", - "@babel/plugin-transform-classes": "^7.28.3", - "@babel/plugin-transform-computed-properties": "^7.27.1", - "@babel/plugin-transform-destructuring": "^7.28.0", - "@babel/plugin-transform-dotall-regex": "^7.27.1", + "@babel/plugin-transform-block-scoping": "^7.28.6", + "@babel/plugin-transform-class-properties": "^7.28.6", + "@babel/plugin-transform-class-static-block": "^7.28.6", + "@babel/plugin-transform-classes": "^7.28.6", + "@babel/plugin-transform-computed-properties": "^7.28.6", + "@babel/plugin-transform-destructuring": "^7.28.5", + "@babel/plugin-transform-dotall-regex": "^7.28.6", "@babel/plugin-transform-duplicate-keys": "^7.27.1", - "@babel/plugin-transform-duplicate-named-capturing-groups-regex": "^7.27.1", + "@babel/plugin-transform-duplicate-named-capturing-groups-regex": "^7.28.6", "@babel/plugin-transform-dynamic-import": "^7.27.1", - "@babel/plugin-transform-explicit-resource-management": "^7.28.0", - "@babel/plugin-transform-exponentiation-operator": "^7.27.1", + "@babel/plugin-transform-explicit-resource-management": "^7.28.6", + "@babel/plugin-transform-exponentiation-operator": "^7.28.6", "@babel/plugin-transform-export-namespace-from": "^7.27.1", "@babel/plugin-transform-for-of": "^7.27.1", "@babel/plugin-transform-function-name": "^7.27.1", - "@babel/plugin-transform-json-strings": "^7.27.1", + "@babel/plugin-transform-json-strings": "^7.28.6", "@babel/plugin-transform-literals": "^7.27.1", - "@babel/plugin-transform-logical-assignment-operators": "^7.27.1", + "@babel/plugin-transform-logical-assignment-operators": "^7.28.6", "@babel/plugin-transform-member-expression-literals": "^7.27.1", "@babel/plugin-transform-modules-amd": "^7.27.1", - "@babel/plugin-transform-modules-commonjs": "^7.27.1", - "@babel/plugin-transform-modules-systemjs": "^7.27.1", + "@babel/plugin-transform-modules-commonjs": "^7.28.6", + "@babel/plugin-transform-modules-systemjs": "^7.28.5", "@babel/plugin-transform-modules-umd": "^7.27.1", "@babel/plugin-transform-named-capturing-groups-regex": "^7.27.1", "@babel/plugin-transform-new-target": "^7.27.1", - "@babel/plugin-transform-nullish-coalescing-operator": "^7.27.1", - "@babel/plugin-transform-numeric-separator": "^7.27.1", - "@babel/plugin-transform-object-rest-spread": "^7.28.0", + "@babel/plugin-transform-nullish-coalescing-operator": "^7.28.6", + "@babel/plugin-transform-numeric-separator": "^7.28.6", + "@babel/plugin-transform-object-rest-spread": "^7.28.6", "@babel/plugin-transform-object-super": "^7.27.1", - "@babel/plugin-transform-optional-catch-binding": "^7.27.1", - "@babel/plugin-transform-optional-chaining": "^7.27.1", + "@babel/plugin-transform-optional-catch-binding": "^7.28.6", + "@babel/plugin-transform-optional-chaining": "^7.28.6", "@babel/plugin-transform-parameters": "^7.27.7", - "@babel/plugin-transform-private-methods": "^7.27.1", - "@babel/plugin-transform-private-property-in-object": "^7.27.1", + "@babel/plugin-transform-private-methods": "^7.28.6", + "@babel/plugin-transform-private-property-in-object": "^7.28.6", "@babel/plugin-transform-property-literals": "^7.27.1", - "@babel/plugin-transform-regenerator": "^7.28.3", - "@babel/plugin-transform-regexp-modifiers": "^7.27.1", + "@babel/plugin-transform-regenerator": "^7.28.6", + "@babel/plugin-transform-regexp-modifiers": "^7.28.6", "@babel/plugin-transform-reserved-words": "^7.27.1", "@babel/plugin-transform-shorthand-properties": "^7.27.1", - "@babel/plugin-transform-spread": "^7.27.1", + "@babel/plugin-transform-spread": "^7.28.6", "@babel/plugin-transform-sticky-regex": "^7.27.1", "@babel/plugin-transform-template-literals": "^7.27.1", "@babel/plugin-transform-typeof-symbol": "^7.27.1", "@babel/plugin-transform-unicode-escapes": "^7.27.1", - "@babel/plugin-transform-unicode-property-regex": "^7.27.1", + "@babel/plugin-transform-unicode-property-regex": "^7.28.6", "@babel/plugin-transform-unicode-regex": "^7.27.1", - "@babel/plugin-transform-unicode-sets-regex": "^7.27.1", + "@babel/plugin-transform-unicode-sets-regex": "^7.28.6", "@babel/preset-modules": "0.1.6-no-external-plugins", "babel-plugin-polyfill-corejs2": "^0.4.14", "babel-plugin-polyfill-corejs3": "^0.13.0", @@ -1735,31 +1437,31 @@ } }, "node_modules/@babel/template": { - "version": "7.27.2", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz", - "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz", + "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==", "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.27.1", - "@babel/parser": "^7.27.2", - "@babel/types": "^7.27.1" + "@babel/code-frame": "^7.28.6", + "@babel/parser": "^7.28.6", + "@babel/types": "^7.28.6" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.4.tgz", - "integrity": "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.6.tgz", + "integrity": "sha512-fgWX62k02qtjqdSNTAGxmKYY/7FSL9WAS1o2Hu5+I5m9T0yxZzr4cnrfXQ/MX0rIifthCSs6FKTlzYbJcPtMNg==", "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.27.1", - "@babel/generator": "^7.28.3", + "@babel/code-frame": "^7.28.6", + "@babel/generator": "^7.28.6", "@babel/helper-globals": "^7.28.0", - "@babel/parser": "^7.28.4", - "@babel/template": "^7.27.2", - "@babel/types": "^7.28.4", + "@babel/parser": "^7.28.6", + "@babel/template": "^7.28.6", + "@babel/types": "^7.28.6", "debug": "^4.3.1" }, "engines": { @@ -1767,91 +1469,29 @@ } }, "node_modules/@babel/types": { - "version": "7.28.4", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.4.tgz", - "integrity": "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==", + "version": "7.28.6", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.6.tgz", + "integrity": "sha512-0ZrskXVEHSWIqZM/sQZ4EV3jZJXRkio/WCxaqKZP1g//CEWEPSfeZFcms4XeKBCHU0ZKnIkdJeU/kF+eRp5lBg==", "license": "MIT", "dependencies": { "@babel/helper-string-parser": "^7.27.1", - "@babel/helper-validator-identifier": "^7.27.1" + "@babel/helper-validator-identifier": "^7.28.5" }, "engines": { "node": ">=6.9.0" } }, - "node_modules/@docsearch/core": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@docsearch/core/-/core-4.4.0.tgz", - "integrity": "sha512-kiwNo5KEndOnrf5Kq/e5+D9NBMCFgNsDoRpKQJ9o/xnSlheh6b8AXppMuuUVVdAUIhIfQFk/07VLjjk/fYyKmw==", - "license": "MIT", - "peerDependencies": { - "@types/react": ">= 16.8.0 < 20.0.0", - "react": ">= 16.8.0 < 20.0.0", - "react-dom": ">= 16.8.0 < 20.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "react": { - "optional": true - }, - "react-dom": { - "optional": true - } - } - }, "node_modules/@docsearch/css": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.4.0.tgz", - "integrity": "sha512-e9vPgtih6fkawakmYo0Y6V4BKBmDV7Ykudn7ADWXUs5b6pmtBRwDbpSG/WiaUG63G28OkJDEnsMvgIAnZgGwYw==", + "version": "4.5.3", + "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.5.3.tgz", + "integrity": "sha512-kUpHaxn0AgI3LQfyzTYkNUuaFY4uEz/Ym9/N/FvyDE+PzSgZsCyDH9jE49B6N6f1eLCm9Yp64J9wENd6vypdxA==", "license": "MIT" }, "node_modules/@docsearch/js": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.4.0.tgz", - "integrity": "sha512-vCiKzjYD54bugUIMZA6YzuLDilkD3TNH/kfbvqsnzxiLTMu8F13psD+hdMSEOn7j+dFJOaf49fZ+gwr+rXctMw==", - "license": "MIT", - "dependencies": { - "@docsearch/react": "4.4.0", - "htm": "3.1.1" - } - }, - "node_modules/@docsearch/react": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@docsearch/react/-/react-4.4.0.tgz", - "integrity": "sha512-z12zeg1mV7WD4Ag4pKSuGukETJLaucVFwszDXL/qLaEgRqxEaVacO9SR1qqnCXvZztlvz2rt7cMqryi/7sKfjA==", - "license": "MIT", - "dependencies": { - "@ai-sdk/react": "^2.0.30", - "@algolia/autocomplete-core": "1.19.2", - "@docsearch/core": "4.4.0", - "@docsearch/css": "4.4.0", - "ai": "^5.0.30", - "algoliasearch": "^5.28.0", - "marked": "^16.3.0", - "zod": "^4.1.8" - }, - "peerDependencies": { - "@types/react": ">= 16.8.0 < 20.0.0", - "react": ">= 16.8.0 < 20.0.0", - "react-dom": ">= 16.8.0 < 20.0.0", - "search-insights": ">= 1 < 3" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "react": { - "optional": true - }, - "react-dom": { - "optional": true - }, - "search-insights": { - "optional": true - } - } + "version": "4.5.3", + "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.5.3.tgz", + "integrity": "sha512-rcBiUMCXbZLqrLIT6F6FDcrG/tyvM2WM0zum6NPbIiQNDQxbSgmNc+/bToS0rxBsXaxiU64esiWoS02WqrWLsg==", + "license": "MIT" }, "node_modules/@esbuild/aix-ppc64": { "version": "0.27.1", @@ -2476,15 +2116,6 @@ "license": "MIT", "optional": true }, - "node_modules/@opentelemetry/api": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.0.tgz", - "integrity": "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==", - "license": "Apache-2.0", - "engines": { - "node": ">=8.0.0" - } - }, "node_modules/@popperjs/core": { "version": "2.11.8", "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", @@ -2804,12 +2435,6 @@ "win32" ] }, - "node_modules/@standard-schema/spec": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.1.0.tgz", - "integrity": "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==", - "license": "MIT" - }, "node_modules/@tabler/icons": { "version": "3.36.1", "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-3.36.1.tgz", @@ -2821,29 +2446,29 @@ } }, "node_modules/@thulite/bootstrap": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/@thulite/bootstrap/-/bootstrap-1.2.2.tgz", - "integrity": "sha512-u3gIB6CT4LR32XrT63rdFkKcmWna0msYqdlzLdU10emlU6yMCVlfHVdQuGQSCUJN2Q38Sxm+Nv4/AU1Z52Zy0g==", + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/@thulite/bootstrap/-/bootstrap-1.2.3.tgz", + "integrity": "sha512-230kXC1QwBESDP2ye7hlfVs6OHvLFKxlb9NJxjTLzMnE5cDGTjR3Tf+2PQftVERBmItpgXTL559ZE3zo6CKZSw==", "license": "MIT", "dependencies": { "@popperjs/core": "^2.11.8", - "bootstrap": "^5.3.7" + "bootstrap": "^5.3.8" }, "engines": { "node": ">=20.11.0" } }, "node_modules/@thulite/core": { - "version": "1.5.5", - "resolved": "https://registry.npmjs.org/@thulite/core/-/core-1.5.5.tgz", - "integrity": "sha512-lnCPoMFw3I8fg7Ef8f1SlERf9r3wivxzBeKQ4xSypESfXp6r6K3YEgU+N0IjJsA1wpaJ0f2qOIOPxMz6/bPMPA==", + "version": "1.5.6", + "resolved": "https://registry.npmjs.org/@thulite/core/-/core-1.5.6.tgz", + "integrity": "sha512-O2dBtoYdneIBAN2EJIfHSOd9ywjvVYW+rP/hVRI40RDuPpwqBFIKbWt9NsTXQce74tZmhjGkAPCXQU1Kqa9Y9Q==", "license": "MIT", "dependencies": { - "@babel/cli": "^7.28.0", - "@babel/core": "^7.28.0", - "@babel/preset-env": "^7.28.0", + "@babel/cli": "^7.28.6", + "@babel/core": "^7.28.6", + "@babel/preset-env": "^7.28.6", "@fullhuman/postcss-purgecss": "^7.0.2", - "autoprefixer": "^10.4.21", + "autoprefixer": "^10.4.23", "lazysizes": "^5.3.2", "modern-css-reset": "^1.4.0", "postcss": "^8.5.6", @@ -2856,41 +2481,41 @@ } }, "node_modules/@thulite/doks-core": { - "version": "1.8.3", - "resolved": "https://registry.npmjs.org/@thulite/doks-core/-/doks-core-1.8.3.tgz", - "integrity": "sha512-qGPlWACP40PDbhQdjK/n5Vmjd72K47qHt0Wtb3l9PeXAl+QYHyghedZuoJIZcehwC17fqiSuwThY5M9A1DABgw==", + "version": "1.8.4", + "resolved": "https://registry.npmjs.org/@thulite/doks-core/-/doks-core-1.8.4.tgz", + "integrity": "sha512-RjIKUOXfT8XpczAsmV/2LLQ+oHaIKUyKVhDFU0Sc8s9tuCopJHaxIQEaOtnplqui5iMJtsvh960lOMsUAWyTfw==", "license": "MIT", "dependencies": { - "@thulite/bootstrap": "^1.2.2", + "@thulite/bootstrap": "^1.2.3", "clipboard": "^2.0.11", - "flexsearch": "^0.8.205" + "flexsearch": "^0.8.212" }, "engines": { "node": ">=20.11.0" } }, "node_modules/@thulite/images": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/@thulite/images/-/images-3.3.3.tgz", - "integrity": "sha512-68cjGRJsNgTsUHK0eRTBnefKFjjDnz+0rK5z+Vx0P09d6MUsgKiSng1Wx4zS1wIeO9dRYHqZ0d9t8uOGK9KM7w==", + "version": "3.3.4", + "resolved": "https://registry.npmjs.org/@thulite/images/-/images-3.3.4.tgz", + "integrity": "sha512-l7fYyBFiiZWgFkaBLkINDrzDZ+KXTxWnvhTVPPEysL+TexzEubTY7b5s00iQoFZsUg4m+6flbYxZSupydFrEHg==", "license": "MIT", "engines": { "node": ">=20.11.0" } }, "node_modules/@thulite/inline-svg": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/@thulite/inline-svg/-/inline-svg-1.2.1.tgz", - "integrity": "sha512-b6FL896o59Tv4rTTb6KZEHniSRJImphkeC9KJU/vLLIRgL2xgNZcF2XxSiebjoqK7UtWEA1qNPhxIGxZi3mqVw==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/@thulite/inline-svg/-/inline-svg-1.2.2.tgz", + "integrity": "sha512-jbxeXQjJT5HFuRufckEbEAoZjHJZCHwLY/rjJS6Lhc9ZZuMMp6QaOVk4pJa0Ey1UBsTJLcACyfm/K47oGJBluQ==", "license": "MIT", "engines": { "node": ">=20.11.0" } }, "node_modules/@thulite/seo": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/@thulite/seo/-/seo-2.4.2.tgz", - "integrity": "sha512-PP9DF2KDQ+fCZbkKfBz9scMxYLWhfBQ5w84man/HGLZl5P8OfQu4hXJkkEmkacfRnaTLn9b7Z72IUJ480Km42w==", + "version": "2.4.3", + "resolved": "https://registry.npmjs.org/@thulite/seo/-/seo-2.4.3.tgz", + "integrity": "sha512-1Y8PJXjGQBoB+VgcC3+RiPxGyI0VshBgufloOtPGlolB+K+qSMY9SPla1mL2HzkLbteb2W9+9CktS7CA/f90Rg==", "license": "MIT", "engines": { "node": ">=20.11.0" @@ -2903,59 +2528,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@vercel/oidc": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@vercel/oidc/-/oidc-3.0.5.tgz", - "integrity": "sha512-fnYhv671l+eTTp48gB4zEsTW/YtRgRPnkI2nT7x6qw5rkI1Lq2hTmQIpHPgyThI0znLK+vX2n9XxKdXZ7BUbbw==", - "license": "Apache-2.0", - "engines": { - "node": ">= 20" - } - }, - "node_modules/ai": { - "version": "5.0.116", - "resolved": "https://registry.npmjs.org/ai/-/ai-5.0.116.tgz", - "integrity": "sha512-+2hYJ80/NcDWuv9K2/MLP3cTCFgwWHmHlS1tOpFUKKcmLbErAAlE/S2knsKboc3PNAu8pQkDr2N3K/Vle7ENgQ==", - "license": "Apache-2.0", - "dependencies": { - "@ai-sdk/gateway": "2.0.23", - "@ai-sdk/provider": "2.0.0", - "@ai-sdk/provider-utils": "3.0.19", - "@opentelemetry/api": "1.9.0" - }, - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "zod": "^3.25.76 || ^4.1.8" - } - }, - "node_modules/algoliasearch": { - "version": "5.46.2", - "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.46.2.tgz", - "integrity": "sha512-qqAXW9QvKf2tTyhpDA4qXv1IfBwD2eduSW6tUEBFIfCeE9gn9HQ9I5+MaKoenRuHrzk5sQoNh1/iof8mY7uD6Q==", - "license": "MIT", - "peer": true, - "dependencies": { - "@algolia/abtesting": "1.12.2", - "@algolia/client-abtesting": "5.46.2", - "@algolia/client-analytics": "5.46.2", - "@algolia/client-common": "5.46.2", - "@algolia/client-insights": "5.46.2", - "@algolia/client-personalization": "5.46.2", - "@algolia/client-query-suggestions": "5.46.2", - "@algolia/client-search": "5.46.2", - "@algolia/ingestion": "1.46.2", - "@algolia/monitoring": "1.46.2", - "@algolia/recommend": "5.46.2", - "@algolia/requester-browser-xhr": "5.46.2", - "@algolia/requester-fetch": "5.46.2", - "@algolia/requester-node-http": "5.46.2" - }, - "engines": { - "node": ">= 14.0.0" - } - }, "node_modules/ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", @@ -2994,9 +2566,9 @@ } }, "node_modules/autoprefixer": { - "version": "10.4.21", - "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.21.tgz", - "integrity": "sha512-O+A6LWV5LDHSJD3LjHYoNi4VLsj/Whi7k6zG12xTYaU4cQ8oxQGckXNX8cRHK5yOZ/ppVHe0ZBXGzSV9jXdVbQ==", + "version": "10.4.23", + "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.23.tgz", + "integrity": "sha512-YYTXSFulfwytnjAPlw8QHncHJmlvFKtczb8InXaAx9Q0LbfDnfEYDE55omerIJKihhmU61Ft+cAOSzQVaBUmeA==", "funding": [ { "type": "opencollective", @@ -3013,10 +2585,9 @@ ], "license": "MIT", "dependencies": { - "browserslist": "^4.24.4", - "caniuse-lite": "^1.0.30001702", - "fraction.js": "^4.3.7", - "normalize-range": "^0.1.2", + "browserslist": "^4.28.1", + "caniuse-lite": "^1.0.30001760", + "fraction.js": "^5.3.4", "picocolors": "^1.1.1", "postcss-value-parser": "^4.2.0" }, @@ -3076,9 +2647,9 @@ "license": "MIT" }, "node_modules/baseline-browser-mapping": { - "version": "2.8.19", - "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.19.tgz", - "integrity": "sha512-zoKGUdu6vb2jd3YOq0nnhEDQVbPcHhco3UImJrv5dSkvxTc2pl2WjOPsjZXDwPDSl5eghIMuY3R6J9NDKF3KcQ==", + "version": "2.9.17", + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.17.tgz", + "integrity": "sha512-agD0MgJFUP/4nvjqzIB29zRPUuCF7Ge6mEv9s8dHrtYD7QWXRcx75rOADE/d5ah1NI+0vkDl0yorDd5U852IQQ==", "license": "Apache-2.0", "bin": { "baseline-browser-mapping": "dist/cli.js" @@ -3138,9 +2709,9 @@ } }, "node_modules/browserslist": { - "version": "4.27.0", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.27.0.tgz", - "integrity": "sha512-AXVQwdhot1eqLihwasPElhX2tAZiBjWdJ9i/Zcj2S6QYIjkx62OKSfnobkriB81C3l4w0rVy3Nt4jaTBltYEpw==", + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.1.tgz", + "integrity": "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==", "funding": [ { "type": "opencollective", @@ -3158,11 +2729,11 @@ "license": "MIT", "peer": true, "dependencies": { - "baseline-browser-mapping": "^2.8.19", - "caniuse-lite": "^1.0.30001751", - "electron-to-chromium": "^1.5.238", - "node-releases": "^2.0.26", - "update-browserslist-db": "^1.1.4" + "baseline-browser-mapping": "^2.9.0", + "caniuse-lite": "^1.0.30001759", + "electron-to-chromium": "^1.5.263", + "node-releases": "^2.0.27", + "update-browserslist-db": "^1.2.0" }, "bin": { "browserslist": "cli.js" @@ -3181,9 +2752,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001751", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001751.tgz", - "integrity": "sha512-A0QJhug0Ly64Ii3eIqHu5X51ebln3k4yTUkY1j8drqpWHVreg/VLijN48cZ1bYPiqOQuqpkIKnzr/Ul8V+p6Cw==", + "version": "1.0.30001766", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz", + "integrity": "sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA==", "funding": [ { "type": "opencollective", @@ -3289,12 +2860,12 @@ "license": "MIT" }, "node_modules/core-js-compat": { - "version": "3.46.0", - "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.46.0.tgz", - "integrity": "sha512-p9hObIIEENxSV8xIu+V68JjSeARg6UVMG5mR+JEUguG3sI6MsiS1njz2jHmyJDvA+8jX/sytkBHup6kxhM9law==", + "version": "3.48.0", + "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.48.0.tgz", + "integrity": "sha512-OM4cAF3D6VtH/WkLtWvyNC56EZVXsZdU3iqaMG2B4WvYrlqU831pc4UtG5yp0sE9z8Y02wVN7PjW5Zf9Gt0f1Q==", "license": "MIT", "dependencies": { - "browserslist": "^4.26.3" + "browserslist": "^4.28.1" }, "funding": { "type": "opencollective", @@ -3368,15 +2939,6 @@ "node": ">=4" } }, - "node_modules/dequal": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", - "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", - "license": "MIT", - "engines": { - "node": ">=6" - } - }, "node_modules/eastasianwidth": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", @@ -3384,9 +2946,9 @@ "license": "MIT" }, "node_modules/electron-to-chromium": { - "version": "1.5.238", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.238.tgz", - "integrity": "sha512-khBdc+w/Gv+cS8e/Pbnaw/FXcBUeKrRVik9IxfXtgREOWyJhR4tj43n3amkVogJ/yeQUqzkrZcFhtIxIdqmmcQ==", + "version": "1.5.278", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.278.tgz", + "integrity": "sha512-dQ0tM1svDRQOwxnXxm+twlGTjr9Upvt8UFWAgmLsxEzFQxhbti4VwxmMjsDxVC51Zo84swW7FVCXEV+VAkhuPw==", "license": "ISC" }, "node_modules/emoji-regex": { @@ -3455,15 +3017,6 @@ "node": ">=0.10.0" } }, - "node_modules/eventsource-parser": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/eventsource-parser/-/eventsource-parser-3.0.6.tgz", - "integrity": "sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg==", - "license": "MIT", - "engines": { - "node": ">=18.0.0" - } - }, "node_modules/fill-range": { "version": "7.1.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", @@ -3534,15 +3087,15 @@ } }, "node_modules/fraction.js": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", - "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz", + "integrity": "sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==", "license": "MIT", "engines": { "node": "*" }, "funding": { - "type": "patreon", + "type": "github", "url": "https://github.com/sponsors/rawify" } }, @@ -3767,12 +3320,6 @@ "node": ">= 0.4" } }, - "node_modules/htm": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/htm/-/htm-3.1.1.tgz", - "integrity": "sha512-983Vyg8NwUE7JkZ6NmOqpCZ+sh1bKv2iYTlUkzlWmA5JD2acKoxd4KVxbMmxX/85mtfdnDmTFoNKcg5DGAvxNQ==", - "license": "Apache-2.0" - }, "node_modules/inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", @@ -3904,12 +3451,6 @@ "node": ">=6" } }, - "node_modules/json-schema": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz", - "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==", - "license": "(AFL-2.1 OR BSD-3-Clause)" - }, "node_modules/json5": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", @@ -4019,18 +3560,6 @@ "semver": "bin/semver" } }, - "node_modules/marked": { - "version": "16.4.2", - "resolved": "https://registry.npmjs.org/marked/-/marked-16.4.2.tgz", - "integrity": "sha512-TI3V8YYWvkVf3KJe1dRkpnjs68JUPyEa5vjKrp1XEEJUAOaQc+Qj+L1qWbPd0SJuAdQkFU0h73sXXqwDYxsiDA==", - "license": "MIT", - "bin": { - "marked": "bin/marked.js" - }, - "engines": { - "node": ">= 20" - } - }, "node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -4092,9 +3621,9 @@ } }, "node_modules/node-releases": { - "version": "2.0.26", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.26.tgz", - "integrity": "sha512-S2M9YimhSjBSvYnlr5/+umAnPHE++ODwt5e2Ij6FoX45HA/s4vHdkDx1eax2pAPeAOqu4s9b7ppahsyEFdVqQA==", + "version": "2.0.27", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz", + "integrity": "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==", "license": "MIT" }, "node_modules/normalize-path": { @@ -4106,15 +3635,6 @@ "node": ">=0.10.0" } }, - "node_modules/normalize-range": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", - "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==", - "license": "MIT", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", @@ -4405,9 +3925,9 @@ "license": "MIT" }, "node_modules/prettier": { - "version": "3.7.4", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.7.4.tgz", - "integrity": "sha512-v6UNi1+3hSlVvv8fSaoUbggEM5VErKmmpGA7Pl3HF8V6uKY7rvClBOJlH6yNwQtfTueNkGVpOv/mtWL9L4bgRA==", + "version": "3.8.1", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz", + "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==", "dev": true, "license": "MIT", "bin": { @@ -4524,16 +4044,6 @@ } } }, - "node_modules/react": { - "version": "19.2.3", - "resolved": "https://registry.npmjs.org/react/-/react-19.2.3.tgz", - "integrity": "sha512-Ku/hhYbVjOQnXDZFv2+RibmLFGwFdeeKHFcOTlrt7xplBnya5OGn/hIRDsqDiSUcfORsDC7MPxwork8jBwsIWA==", - "license": "MIT", - "peer": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/read-cache": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", @@ -4728,13 +4238,6 @@ "node": ">=6.0.0" } }, - "node_modules/search-insights": { - "version": "2.17.3", - "resolved": "https://registry.npmjs.org/search-insights/-/search-insights-2.17.3.tgz", - "integrity": "sha512-RQPdCYTa8A68uM2jwxoY842xDhvx3E5LFL1LxvxCNMev4o5mLuokczhzjAgGwUZBAmOKZknArSxLKmXtIi2AxQ==", - "license": "MIT", - "peer": true - }, "node_modules/select": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/select/-/select-1.1.2.tgz", @@ -4873,37 +4376,12 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/swr": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/swr/-/swr-2.3.8.tgz", - "integrity": "sha512-gaCPRVoMq8WGDcWj9p4YWzCMPHzE0WNl6W8ADIx9c3JBEIdMkJGMzW+uzXvxHMltwcYACr9jP+32H8/hgwMR7w==", - "license": "MIT", - "dependencies": { - "dequal": "^2.0.3", - "use-sync-external-store": "^1.6.0" - }, - "peerDependencies": { - "react": "^16.11.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" - } - }, "node_modules/thenby": { "version": "1.3.4", "resolved": "https://registry.npmjs.org/thenby/-/thenby-1.3.4.tgz", "integrity": "sha512-89Gi5raiWA3QZ4b2ePcEwswC3me9JIg+ToSgtE0JWeCynLnLxNr/f9G+xfo9K+Oj4AFdom8YNJjibIARTJmapQ==", "license": "Apache-2.0" }, - "node_modules/throttleit": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-2.1.0.tgz", - "integrity": "sha512-nt6AMGKW1p/70DF/hGBdJB57B8Tspmbp5gfJ8ilhLnt7kkr2ye7hzD6NVG8GGErk2HWF34igrL2CXmNIkzKqKw==", - "license": "MIT", - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/throttles": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/throttles/-/throttles-1.0.1.tgz", @@ -4914,12 +4392,12 @@ } }, "node_modules/thulite": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/thulite/-/thulite-2.6.3.tgz", - "integrity": "sha512-bT5A64nqlChrhp2lvCLP2z4HJhLWjaMfKjLWqpmqdNyaFowz4vTG7NzvuHKo2AElsAwChMdgRZpb9r1u+wM4QQ==", + "version": "2.6.4", + "resolved": "https://registry.npmjs.org/thulite/-/thulite-2.6.4.tgz", + "integrity": "sha512-kjt8NVflkCxkOLxr6gH4JlQZkftqsXZU1GOQgH1F0fAjTr9cZtt2YVjTjcwslG2v0j2Uzu11JEuabN7r/AyvPg==", "license": "MIT", "dependencies": { - "@thulite/core": "^1.5.5" + "@thulite/core": "^1.5.6" }, "engines": { "node": ">=20.11.0" @@ -5039,9 +4517,9 @@ } }, "node_modules/update-browserslist-db": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.4.tgz", - "integrity": "sha512-q0SPT4xyU84saUX+tomz1WLkxUbuaJnR1xWt17M7fJtEJigJeWUNGUqrauFXsHnqev9y9JTRGwk13tFBuKby4A==", + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz", + "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==", "funding": [ { "type": "opencollective", @@ -5068,15 +4546,6 @@ "browserslist": ">= 4.21.0" } }, - "node_modules/use-sync-external-store": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.6.0.tgz", - "integrity": "sha512-Pp6GSwGP/NrPIrxVFAIkOQeyw8lFenOHijQWkUTrDvrF4ALqylP2C/KCkeS9dpUM3KvYRQhna5vt7IL95+ZQ9w==", - "license": "MIT", - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" - } - }, "node_modules/util-deprecate": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", @@ -5084,9 +4553,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "7.3.0", - "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.0.tgz", - "integrity": "sha512-dZwN5L1VlUBewiP6H9s2+B3e3Jg96D0vzN+Ry73sOefebhYr9f94wwkMNN/9ouoU8pV1BqA1d1zGk8928cx0rg==", + "version": "7.3.1", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz", + "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==", "dev": true, "license": "MIT", "dependencies": { @@ -5305,16 +4774,6 @@ "engines": { "node": ">=12" } - }, - "node_modules/zod": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/zod/-/zod-4.2.1.tgz", - "integrity": "sha512-0wZ1IRqGGhMP76gLqz8EyfBXKk0J2qo2+H3fi4mcUP/KtTocoX08nmIAHl1Z2kJIZbZee8KOpBCSNPRgauucjw==", - "license": "MIT", - "peer": true, - "funding": { - "url": "https://github.com/sponsors/colinhacks" - } } } } diff --git a/docs/package.json b/docs/package.json index 30d36a2f746..9b6e2f0fd0d 100644 --- a/docs/package.json +++ b/docs/package.json @@ -16,18 +16,18 @@ "preview": "vite preview --outDir public" }, "dependencies": { - "@docsearch/css": "4.4.0", - "@docsearch/js": "4.4.0", + "@docsearch/css": "4.5.3", + "@docsearch/js": "4.5.3", "@tabler/icons": "3.36.1", - "@thulite/doks-core": "1.8.3", - "@thulite/images": "3.3.3", - "@thulite/inline-svg": "1.2.1", - "@thulite/seo": "2.4.2", - "thulite": "2.6.3" + "@thulite/doks-core": "1.8.4", + "@thulite/images": "3.3.4", + "@thulite/inline-svg": "1.2.2", + "@thulite/seo": "2.4.3", + "thulite": "2.6.4" }, "devDependencies": { - "prettier": "3.7.4", - "vite": "7.3.0" + "prettier": "3.8.1", + "vite": "7.3.1" }, "engines": { "node": ">=20.11.0" diff --git a/docs/static/svgs/logo-darkmode.svg b/docs/static/svgs/logo-darkmode.svg new file mode 100644 index 00000000000..70f6c6c184e --- /dev/null +++ b/docs/static/svgs/logo-darkmode.svg @@ -0,0 +1,726 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/docs/static/svgs/logo-lightmode.svg b/docs/static/svgs/logo-lightmode.svg new file mode 100644 index 00000000000..212d132dea8 --- /dev/null +++ b/docs/static/svgs/logo-lightmode.svg @@ -0,0 +1,836 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/dojo/__init__.py b/dojo/__init__.py index 262c2e3b52f..fe0ab480aee 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.54.3" +__version__ = "2.55.0" __url__ = "https://github.com/DefectDojo/django-DefectDojo" # noqa: RUF067 __docs__ = "https://documentation.defectdojo.com" # noqa: RUF067 diff --git a/dojo/api_helpers/__init__.py b/dojo/api_helpers/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/api_helpers/filters.py b/dojo/api_helpers/filters.py new file mode 100644 index 00000000000..6e2c0417327 --- /dev/null +++ b/dojo/api_helpers/filters.py @@ -0,0 +1,283 @@ +from __future__ import annotations + +from datetime import datetime, timedelta +from typing import TYPE_CHECKING + +from django.utils import timezone +from django_filters import ( + BaseInFilter, + BooleanFilter, + CharFilter, + DateTimeFromToRangeFilter, + FilterSet, + MultipleChoiceFilter, + NumberFilter, + OrderingFilter, +) + +if TYPE_CHECKING: + from collections.abc import Iterable + + +# https://django-filter.readthedocs.io/en/stable/ref/filters.html#baseinfilter +class NumberInFilter(BaseInFilter, NumberFilter): + + """Support for searches like `id__in`.""" + + +# https://django-filter.readthedocs.io/en/stable/ref/filters.html#baseinfilter +class CharFieldInFilter(BaseInFilter, CharFilter): + + """Support for searches like `id__in`.""" + + def filter(self, qs, value): + if not value: + return qs + if isinstance(value, str): + value = [v.strip() for v in value.split(",") if v.strip()] + return super().filter(qs, value) + + +class StaticMethodFilters(FilterSet): + + """Static methods to make setting new filters easier.""" + + @staticmethod + def set_class_variables(context: dict, class_vars: dict) -> None: + """Set the contents of `class_vars` into the supplied context.""" + context.update(class_vars) + + @staticmethod + def create_char_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """ + Create all the filters needed for a CharFilter. + + - Exact Match + - Not Exact Match + - Contains + - Not Contains + - Starts with + - Ends with + """ + return StaticMethodFilters.set_class_variables( + context, + { + f"{field_name}_exact": CharFilter( + field_name=field_name, + lookup_expr="iexact", + help_text=f"{help_text_header}: Exact Match", + ), + f"{field_name}_not_exact": CharFilter( + field_name=field_name, + lookup_expr="iexact", + help_text=f"{help_text_header}: Not Exact Match", + exclude=True, + ), + f"{field_name}_contains": CharFilter( + field_name=field_name, + lookup_expr="icontains", + help_text=f"{help_text_header}: Contains", + ), + f"{field_name}_not_contains": CharFilter( + field_name=field_name, + lookup_expr="icontains", + help_text=f"{help_text_header}: Not Contains", + exclude=True, + ), + f"{field_name}_starts_with": CharFilter( + field_name=field_name, + lookup_expr="istartswith", + help_text=f"{help_text_header}: Starts With", + ), + f"{field_name}_ends_with": CharFilter( + field_name=field_name, + lookup_expr="iendswith", + help_text=f"{help_text_header}: Ends With", + ), + f"{field_name}_includes": CharFieldInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Included in List", + ), + f"{field_name}_not_includes": CharFieldInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Not Included in List", + exclude=True, + ), + }, + ) + + @staticmethod + def create_integer_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """ + Create all the filters needed for an IntegerFilter. + + - Exact Match + - Not Exact Match + - Greater Than or Equal to + - Less Than or Equal to + - ID included in the list + - ID Not included in the list + """ + return StaticMethodFilters.set_class_variables( + context, + { + f"{field_name}_equals": NumberFilter( + field_name=field_name, + lookup_expr="exact", + help_text=f"{help_text_header}: Equals", + ), + f"{field_name}_not_equals": NumberFilter( + field_name=field_name, + lookup_expr="exact", + help_text=f"{help_text_header}: Not Equals", + exclude=True, + ), + f"{field_name}_greater_than_or_equal_to": NumberFilter( + field_name=field_name, + lookup_expr="gte", + help_text=f"{help_text_header}: Greater Than or Equal To", + ), + f"{field_name}_less_than_or_equal_to": NumberFilter( + field_name=field_name, + lookup_expr="lte", + help_text=f"{help_text_header}: Less Than or Equal To", + ), + f"{field_name}_includes": NumberInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Included in List", + ), + f"{field_name}_not_includes": NumberInFilter( + field_name=field_name, + lookup_expr="in", + help_text=f"{help_text_header}: Not Included in List", + exclude=True, + ), + }, + ) + + @staticmethod + def create_choice_filters( + field_name: str, + help_text_header: str, + choices: list[tuple[str]], + context: dict, + ) -> None: + """Create a filter for requiring a single choice.""" + return StaticMethodFilters.set_class_variables( + context, + { + f"{field_name}_equals": MultipleChoiceFilter( + field_name=field_name, + choices=choices, + help_text=f"{help_text_header}: Choice Filter", + ), + }, + ) + + @staticmethod + def create_datetime_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """Create a filter for setting datetime filters.""" + return StaticMethodFilters.set_class_variables( + context, + { + field_name: DateTimeFromToRangeFilter( + field_name=field_name, + help_text=f"{help_text_header}: DateTime Range Filter", + ), + }, + ) + + @staticmethod + def create_boolean_filters( + field_name: str, + help_text_header: str, + context: dict, + ) -> None: + """Create a filter for boolean filters.""" + return StaticMethodFilters.set_class_variables( + context, + { + field_name: BooleanFilter( + field_name=field_name, + help_text=f"{help_text_header}: True/False", + ), + }, + ) + + @staticmethod + def create_ordering_filters( + context: dict, + field_names: Iterable[str], + ) -> None: + """Create an ordering filter for all fields in the dict.""" + return StaticMethodFilters.set_class_variables( + context, + {"ordering": OrderingFilter(fields=[(field_name, field_name) for field_name in field_names])}, + ) + + +class CommonFilters(StaticMethodFilters): + + """Helpers for FilterSets to reduce copy/past code.""" + + StaticMethodFilters.create_integer_filters("id", "ID", locals()) + StaticMethodFilters.create_datetime_filters("created_at", "Created At", locals()) + StaticMethodFilters.create_datetime_filters("updated_at", "Updated At", locals()) + + +def filter_timestamp(queryset, name, value): + try: + date = datetime.strptime(value, "%Y-%m-%d") + except ValueError: + return queryset + + start_datetime = timezone.make_aware(datetime.combine(date, datetime.min.time())) + end_datetime = timezone.make_aware(datetime.combine(date + timedelta(days=1), datetime.min.time())) + + return queryset.filter(**{f"{name}__gte": start_datetime, f"{name}__lt": end_datetime}) + + +def csv_filter(queryset, name, value): + return queryset.filter(**{f"{name}__in": value.split(",")}) + + +class CustomOrderingFilter(OrderingFilter): + def __init__(self, *args, **kwargs): + self.reverse_fields = kwargs.pop("reverse_fields", []) + super().__init__(*args, **kwargs) + + def filter(self, qs, value): + if value in {None, ""}: + return qs + + ordering = [] + + for param in value: + stripped_param = param.strip() + raw_field = stripped_param.lstrip("-") + reverse = raw_field in self.reverse_fields + + if reverse: + if stripped_param.startswith("-"): + ordering.append(raw_field) + else: + ordering.append(f"-{raw_field}") + else: + ordering.append(stripped_param) + + return qs.order_by(*ordering) diff --git a/dojo/api_helpers/serializers.py b/dojo/api_helpers/serializers.py new file mode 100644 index 00000000000..f486d90303f --- /dev/null +++ b/dojo/api_helpers/serializers.py @@ -0,0 +1,81 @@ +from __future__ import annotations + +from typing import TYPE_CHECKING + +from rest_framework.exceptions import ValidationError +from rest_framework.serializers import ( + ModelSerializer, + Serializer, +) + +if TYPE_CHECKING: + from collections import OrderedDict + + from django.db.models import Model + + from dojo.base_models.base import T + + +class SnubSerializer(Serializer): + pass + + +class BaseModelSerializer(ModelSerializer): + + """Base serializer for all models.""" + + def get_request_method(self) -> str: + """Return the method of the request.""" + return self.context.get("request").method + + def remove_internal_fields(self, fields: dict) -> None: + """Remove a list of internally defined fields that should never be exposed to the user.""" + # Fetch the list of fields from the serializer + internal_fields = getattr(self, "internal_fields", []) + # Remove them from the field dict + for field in internal_fields: + fields.pop(field, None) + + def get_fields(self) -> OrderedDict: + """Exclude all internal fields by default.""" + fields = super().get_fields() + # Remove the internal fields + self.remove_internal_fields(fields) + + return fields + + def process_nested_serializer( + self, + serializer_class: type[BaseModelSerializer], + object_data: dict | None, + instance: Model | None, + ) -> T | None: + """Process nested serializers in a generic way.""" + # Short circuit if given incorrect data + if object_data is None or object_data == {}: + return None + # Check the method is an expected value + method = self.get_request_method() + if method not in {"POST", "PATCH", "PUT"}: + msg = "The `method` method must be one of `POST`, `PATCH`, or `PUT`..." + raise ValidationError(msg) + # Check the method has what it needs + if instance is None and method in {"PATCH", "PUT"}: + msg = "When using the `PUT` or `PATCH` method, you must also supply the instance to update..." + raise ValidationError(msg) + # Initialize the serializer class + unsaved_object = serializer_class(data=object_data, partial=(method == "PATCH")) + # Validate the object with the serializer class + if not unsaved_object.is_valid(): + raise ValidationError(unsaved_object.errors) + # Determine the args to pass based on the method to call + object_instance = None + if method == "POST": + object_instance = unsaved_object.create(validated_data=unsaved_object.validated_data) + elif method in {"PATCH", "PUT"}: + object_instance = unsaved_object.update( + instance=instance, + validated_data=unsaved_object.validated_data, + ) + + return object_instance diff --git a/dojo/api_v2/permissions.py b/dojo/api_v2/permissions.py index 905ddf99b58..2fdd1eb48f9 100644 --- a/dojo/api_v2/permissions.py +++ b/dojo/api_v2/permissions.py @@ -1,5 +1,5 @@ -import re +from django.conf import settings from django.db.models import Model from django.shortcuts import get_object_or_404 from rest_framework import permissions, serializers @@ -18,8 +18,10 @@ ) from dojo.authorization.roles_permissions import Permissions from dojo.importers.auto_create_context import AutoCreateContextManager +from dojo.location.models import Location from dojo.models import ( Cred_Mapping, + Development_Environment, Dojo_Group, Endpoint, Engagement, @@ -27,6 +29,8 @@ Finding_Group, Product, Product_Type, + Regulation, + SLA_Configuration, Test, ) @@ -60,6 +64,72 @@ def check_object_permission( return False +class BaseRelatedObjectPermission(permissions.BasePermission): + + """ + An "abstract" base class for related object permissions (like notes, metadata, etc.) + that only need object permissions, not general permissions. This class will serve as + the base class for other more aptly named permission classes. + """ + + permission_map: dict[str, int] = { + "get_permission": None, + "put_permission": None, + "delete_permission": None, + "post_permission": None, + } + + def has_permission(self, request: Request, view): + # related object only need object permission + return True + + def has_object_permission(self, request: Request, view, obj): + return check_object_permission( + request, + obj, + **self.permission_map, + ) + + +class BaseDjangoModelPermission(permissions.BasePermission): + + """ + An "abstract" base class for Django model permissions. + This class will serve as the base class for other more aptly named permission classes. + """ + + django_model: Model = None + request_method_permission_map: dict[str, str] = { + "GET": "view", + "POST": "add", + "PUT": "change", + "PATCH": "change", + "DELETE": "delete", + } + + def _evaluate_permissions(self, request: Request, permissions: dict[str, str]) -> bool: + # Short circuit if the request method is not in the expected methods + if request.method not in permissions: + return True + # Evaluate the permissions as usual + for method, permission in permissions.items(): + if request.method == method: + return user_has_configuration_permission( + request.user, + f"{self.django_model._meta.app_label}.{permission}_{self.django_model._meta.model_name}", + ) + return False + + def has_permission(self, request: Request, view): + # First restrict the mapping got GET/POST only + expected_request_method_permission_map = {k: v for k, v in self.request_method_permission_map.items() if k in {"GET", "POST"}} + # Evaluate the permissions + return self._evaluate_permissions(request, expected_request_method_permission_map) + + def has_object_permission(self, request: Request, view, obj): + return self._evaluate_permissions(request, self.request_method_permission_map) + + class UserHasAppAnalysisPermission(permissions.BasePermission): def has_permission(self, request, view): return check_post_permission( @@ -177,13 +247,26 @@ def has_permission(self, request, view): request.user, obj, Permissions.Finding_Edit, ) ) + location_id = request.data.get("location", None) + if location_id: + obj = get_object_or_404(Location, pk=location_id) + has_permission_result = ( + has_permission_result + and user_has_permission( + request.user, obj, Permissions.Location_Edit, + ) + ) + # TODO: Delete this after the move to Locations endpoint_id = request.data.get("endpoint", None) if endpoint_id: - obj = get_object_or_404(Endpoint, pk=endpoint_id) + if settings.V3_FEATURE_LOCATIONS: + obj = get_object_or_404(Location, pk=endpoint_id) + else: + obj = get_object_or_404(Endpoint, pk=endpoint_id) has_permission_result = ( has_permission_result and user_has_permission( - request.user, obj, Permissions.Endpoint_Edit, + request.user, obj, Permissions.Location_Edit, ) ) return has_permission_result @@ -215,6 +298,19 @@ def has_object_permission(self, request, view, obj): Permissions.Finding_Edit, ) ) + location = obj.location + if location: + has_permission_result = ( + has_permission_result + and check_object_permission( + request, + location, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Edit, + ) + ) + # TODO: Delete this after the move to Locations endpoint = obj.endpoint if endpoint: has_permission_result = ( @@ -222,9 +318,9 @@ def has_object_permission(self, request, view, obj): and check_object_permission( request, endpoint, - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Edit, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Edit, ) ) return has_permission_result @@ -246,165 +342,117 @@ def has_object_permission(self, request, view, obj): ) +# TODO: Delete this after the move to Locations class UserHasEndpointPermission(permissions.BasePermission): def has_permission(self, request, view): return check_post_permission( - request, Product, "product", Permissions.Endpoint_Add, + request, Product, "product", Permissions.Location_Add, ) def has_object_permission(self, request, view, obj): return check_object_permission( request, obj, - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Delete, ) +# TODO: Delete this after the move to Locations class UserHasEndpointStatusPermission(permissions.BasePermission): def has_permission(self, request, view): return check_post_permission( - request, Endpoint, "endpoint", Permissions.Endpoint_Edit, + request, Endpoint, "endpoint", Permissions.Location_Edit, ) def has_object_permission(self, request, view, obj): return check_object_permission( request, obj.endpoint, - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Edit, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Edit, ) class UserHasEngagementPermission(permissions.BasePermission): - # Permission checks for related objects (like notes or metadata) can be moved - # into a seperate class, when the legacy authorization will be removed. - path_engagement_post = re.compile(r"^/api/v2/engagements/$") - path_engagement = re.compile(r"^/api/v2/engagements/\d+/$") - def has_permission(self, request, view): - if UserHasEngagementPermission.path_engagement_post.match( - request.path, - ) or UserHasEngagementPermission.path_engagement.match(request.path): - return check_post_permission( + return check_post_permission( request, Product, "product", Permissions.Engagement_Add, ) - # related object only need object permission - return True def has_object_permission(self, request, view, obj): - if UserHasEngagementPermission.path_engagement_post.match( - request.path, - ) or UserHasEngagementPermission.path_engagement.match(request.path): - return check_object_permission( - request, - obj, - Permissions.Engagement_View, - Permissions.Engagement_Edit, - Permissions.Engagement_Delete, - ) return check_object_permission( request, obj, Permissions.Engagement_View, Permissions.Engagement_Edit, - Permissions.Engagement_Edit, - Permissions.Engagement_Edit, + Permissions.Engagement_Delete, ) -class UserHasRiskAcceptancePermission(permissions.BasePermission): - # Permission checks for related objects (like notes or metadata) can be moved - # into a seperate class, when the legacy authorization will be removed. - path_risk_acceptance_post = re.compile(r"^/api/v2/risk_acceptances/$") - path_risk_acceptance = re.compile(r"^/api/v2/risk_acceptances/\d+/$") +class UserHasEngagementRelatedObjectPermission(BaseRelatedObjectPermission): + permission_map = { + "get_permission": Permissions.Engagement_View, + "put_permission": Permissions.Engagement_Edit, + "delete_permission": Permissions.Engagement_Edit, + "post_permission": Permissions.Engagement_Edit, + } + +class UserHasRiskAcceptancePermission(permissions.BasePermission): def has_permission(self, request, view): - if UserHasRiskAcceptancePermission.path_risk_acceptance_post.match( - request.path, - ) or UserHasRiskAcceptancePermission.path_risk_acceptance.match( - request.path, - ): - return check_post_permission( - request, Product, "product", Permissions.Risk_Acceptance, - ) - # related object only need object permission + # The previous implementation only checked for the object permission if the path was + # /api/v2/risk_acceptances/, but the path has always been /api/v2/risk_acceptance/ (notice the missing "s") + # So there really has not been a notion of a post permission check for risk acceptances. + # It would be best to leave as is to not break any existing implementations. return True def has_object_permission(self, request, view, obj): - if UserHasRiskAcceptancePermission.path_risk_acceptance_post.match( - request.path, - ) or UserHasRiskAcceptancePermission.path_risk_acceptance.match( - request.path, - ): - return check_object_permission( - request, - obj, - Permissions.Risk_Acceptance, - Permissions.Risk_Acceptance, - Permissions.Risk_Acceptance, - ) return check_object_permission( request, obj, Permissions.Risk_Acceptance, Permissions.Risk_Acceptance, Permissions.Risk_Acceptance, - Permissions.Risk_Acceptance, ) -class UserHasFindingPermission(permissions.BasePermission): - # Permission checks for related objects (like notes or metadata) can be moved - # into a seperate class, when the legacy authorization will be removed. - path_finding_post = re.compile(r"^/api/v2/findings/$") - path_finding = re.compile(r"^/api/v2/findings/\d+/$") - path_stub_finding_post = re.compile(r"^/api/v2/stub_findings/$") - path_stub_finding = re.compile(r"^/api/v2/stub_findings/\d+/$") +class UserHasRiskAcceptanceRelatedObjectPermission(BaseRelatedObjectPermission): + permission_map = { + "get_permission": Permissions.Risk_Acceptance, + "put_permission": Permissions.Risk_Acceptance, + "delete_permission": Permissions.Risk_Acceptance, + "post_permission": Permissions.Risk_Acceptance, + } + +class UserHasFindingPermission(permissions.BasePermission): def has_permission(self, request, view): - if ( - UserHasFindingPermission.path_finding_post.match(request.path) - or UserHasFindingPermission.path_finding.match(request.path) - or UserHasFindingPermission.path_stub_finding_post.match( - request.path, - ) - or UserHasFindingPermission.path_stub_finding.match(request.path) - ): - return check_post_permission( - request, Test, "test", Permissions.Finding_Add, - ) - # related object only need object permission - return True + return check_post_permission( + request, Test, "test", Permissions.Finding_Add, + ) def has_object_permission(self, request, view, obj): - if ( - UserHasFindingPermission.path_finding_post.match(request.path) - or UserHasFindingPermission.path_finding.match(request.path) - or UserHasFindingPermission.path_stub_finding_post.match( - request.path, - ) - or UserHasFindingPermission.path_stub_finding.match(request.path) - ): - return check_object_permission( - request, - obj, - Permissions.Finding_View, - Permissions.Finding_Edit, - Permissions.Finding_Delete, - ) return check_object_permission( request, obj, Permissions.Finding_View, Permissions.Finding_Edit, - Permissions.Finding_Edit, - Permissions.Finding_Edit, + Permissions.Finding_Delete, ) +class UserHasFindingRelatedObjectPermission(BaseRelatedObjectPermission): + permission_map = { + "get_permission": Permissions.Finding_View, + "put_permission": Permissions.Finding_Edit, + "delete_permission": Permissions.Finding_Edit, + "post_permission": Permissions.Finding_Edit, + } + + class UserHasImportPermission(permissions.BasePermission): def has_permission(self, request, view): # permission check takes place before validation, so we don't have access to serializer.validated_data() @@ -761,42 +809,30 @@ def has_permission(self, request, view): class UserHasTestPermission(permissions.BasePermission): - # Permission checks for related objects (like notes or metadata) can be moved - # into a seperate class, when the legacy authorization will be removed. - path_tests_post = re.compile(r"^/api/v2/tests/$") - path_tests = re.compile(r"^/api/v2/tests/\d+/$") - def has_permission(self, request, view): - if UserHasTestPermission.path_tests_post.match( - request.path, - ) or UserHasTestPermission.path_tests.match(request.path): - return check_post_permission( - request, Engagement, "engagement", Permissions.Test_Add, - ) - # related object only need object permission - return True + return check_post_permission( + request, Engagement, "engagement", Permissions.Test_Add, + ) def has_object_permission(self, request, view, obj): - if UserHasTestPermission.path_tests_post.match( - request.path, - ) or UserHasTestPermission.path_tests.match(request.path): - return check_object_permission( - request, - obj, - Permissions.Test_View, - Permissions.Test_Edit, - Permissions.Test_Delete, - ) return check_object_permission( request, obj, Permissions.Test_View, Permissions.Test_Edit, - Permissions.Test_Edit, - Permissions.Test_Edit, + Permissions.Test_Delete, ) +class UserHasTestRelatedObjectPermission(BaseRelatedObjectPermission): + permission_map = { + "get_permission": Permissions.Test_View, + "put_permission": Permissions.Test_Edit, + "delete_permission": Permissions.Test_Edit, + "post_permission": Permissions.Test_Edit, + } + + class UserHasTestImportPermission(permissions.BasePermission): def has_permission(self, request, view): return check_post_permission( @@ -1023,6 +1059,36 @@ def has_object_permission(self, request, view, obj): ) +class UserHasSLAPermission(BaseDjangoModelPermission): + django_model = SLA_Configuration + + +class UserHasDevelopmentEnvironmentPermission(BaseDjangoModelPermission): + django_model = Development_Environment + # https://github.com/DefectDojo/django-DefectDojo/blob/963d4a35bfd8f5138330f0d70595a755fa4999b0/dojo/user/utils.py#L93 + # It looks like view permission was explicitly not supported, so I assume + # reading these endpoints are not necessarily restricted (unless you're auth'd of course) + request_method_permission_map = { + "POST": "add", + "PUT": "change", + "PATCH": "change", + "DELETE": "delete", + } + + +class UserHasRegulationPermission(BaseDjangoModelPermission): + django_model = Regulation + # https://github.com/DefectDojo/django-DefectDojo/blob/963d4a35bfd8f5138330f0d70595a755fa4999b0/dojo/user/utils.py#L104 + # It looks like view permission was explicitly not supported, so I assume + # reading these endpoints are not necessarily restricted (unless you're auth'd of course) + request_method_permission_map = { + "POST": "add", + "PUT": "change", + "PATCH": "change", + "DELETE": "delete", + } + + def raise_no_auto_create_import_validation_error( test_title, scan_type, diff --git a/dojo/api_v2/prefetch/prefetcher.py b/dojo/api_v2/prefetch/prefetcher.py index 1c45e309dce..6d290b6b06b 100644 --- a/dojo/api_v2/prefetch/prefetcher.py +++ b/dojo/api_v2/prefetch/prefetcher.py @@ -1,11 +1,13 @@ import inspect import sys +from django.conf import settings from rest_framework.serializers import ModelSerializer -from dojo.models import FileUpload - -from . import utils +from dojo.api_v2.prefetch import utils +from dojo.location.api.serializers import LocationFindingReferenceSerializer, LocationSerializer +from dojo.location.models import Location, LocationFindingReference +from dojo.models import FileUpload, Finding # Reduce the scope of search for serializers. SERIALIZER_DEFS_MODULE = "dojo.api_v2.serializers" @@ -64,6 +66,10 @@ def _find_serializer(self, field_type): rest_framework.serializers.ModelSerializer: The serializer if one has been found or None """ + # Check overrides first + if serializer := self.serializer_overrides(field_type): + return serializer + # If the type is represented in the map then return the serializer if field_type in self._serializers: return self._serializers[field_type] @@ -75,6 +81,52 @@ def _find_serializer(self, field_type): parent_class = field_type.__mro__[1] return self._find_serializer(parent_class) + def get_field_value_override(self, model_instance, field_name): + """ + Allows us to override the default field value lookup functionality, e.g. for when we are migrating to new models + while keeping the old names for API compatibility. + + :param model_instance: the model instance + :param field_name: the name of the field we're getting a value for + :return: a tuple of (the value of the field, whether the field is 'many'), or None if no override exists + """ + if settings.V3_FEATURE_LOCATIONS: + if isinstance(model_instance, Finding) and field_name == "endpoints": + return model_instance.locations, True + return None + + def get_field_value(self, model_instance, field_name): + """ + Returns the value of the given field from the model instance and whether the serializer used should treat the + value as many. + + :param model_instance: the model instance + :param field_name: the name of the field we're getting a value for + :return: a tuple of (the value of the field, whether the field is 'many') + """ + # Check overrides first + if field_data := self.get_field_value_override(model_instance, field_name): + return field_data + + # Get the concrete field type + field_meta = getattr(type(model_instance), field_name, None) + # Check if the field represents a many-to-many relationship as we need to instantiate the serializer accordingly + many = utils._is_many_to_many_relation(field_meta) + # Get the field from the instance + return getattr(model_instance, field_name, None), many + + def serializer_overrides(self, field_type): + """ + Overrides for model serializers, e.g. for serializers not found in SERIALIZER_DEFS_MODULE + + :param field_type: the model field type + :return: a serializer for the given model field type, or None if no override exists + """ + return { + Location: LocationSerializer, + LocationFindingReference: LocationFindingReferenceSerializer, + }.get(field_type) + def _prefetch(self, entry, fields_to_fetch): """ Apply prefetching for the given field on the given entry @@ -86,7 +138,7 @@ def _prefetch(self, entry, fields_to_fetch): """ for field_to_fetch in fields_to_fetch: # Get the field from the instance - field_value = getattr(entry, field_to_fetch, None) + field_value, many = self.get_field_value(entry, field_to_fetch) if field_value is None: continue @@ -96,11 +148,6 @@ def _prefetch(self, entry, fields_to_fetch): if extra_serializer is None: continue - # Get the concrete field type - field_meta = getattr(type(entry), field_to_fetch, None) - # Check if the field represents a many-to-many relationship as we need to instantiate - # the serializer accordingly - many = utils._is_many_to_many_relation(field_meta) field_data = extra_serializer(many=many).to_representation( field_value, ) diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index 9a17e4be985..6e75449ecab 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -39,6 +39,7 @@ from dojo.importers.base_importer import BaseImporter from dojo.importers.default_importer import DefaultImporter from dojo.importers.default_reimporter import DefaultReImporter +from dojo.location.models import Location, LocationFindingReference from dojo.models import ( DEFAULT_NOTIFICATION, IMPORT_ACTIONS, @@ -411,7 +412,13 @@ class MetaSerializer(serializers.ModelSerializer): allow_null=True, ) endpoint = serializers.PrimaryKeyRelatedField( - queryset=Endpoint.objects.all(), + queryset=Location.objects.all(), + required=False, + default=None, + allow_null=True, + ) + location = serializers.PrimaryKeyRelatedField( + queryset=Location.objects.all(), required=False, default=None, allow_null=True, @@ -424,9 +431,22 @@ class MetaSerializer(serializers.ModelSerializer): ) def validate(self, data): + if settings.V3_FEATURE_LOCATIONS and "endpoint" in data: + data["location"] = data.pop("endpoint") DojoMeta(**data).clean() return data + # TODO: Delete this after the move to Locations + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if not settings.V3_FEATURE_LOCATIONS: + self.fields["endpoint"] = serializers.PrimaryKeyRelatedField( + queryset=Endpoint.objects.all(), + required=False, + default=None, + allow_null=True, + ) + class Meta: model = DojoMeta fields = "__all__" @@ -1734,6 +1754,12 @@ class FindingSerializer(serializers.ModelSerializer): reporter = serializers.PrimaryKeyRelatedField( required=False, queryset=User.objects.all(), ) + endpoints = serializers.PrimaryKeyRelatedField( + source="locations", + many=True, + required=False, + queryset=LocationFindingReference.objects.all(), + ) class Meta: model = Finding @@ -1742,6 +1768,14 @@ class Meta: "inherited_tags", ) + # TODO: Delete this after the move to Locations + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if not settings.V3_FEATURE_LOCATIONS: + self.fields["endpoints"] = serializers.PrimaryKeyRelatedField( + many=True, required=False, queryset=Endpoint.objects.all(), + ) + @extend_schema_field(serializers.DateTimeField()) def get_jira_creation(self, obj): return jira_helper.get_jira_creation(obj) @@ -1809,10 +1843,21 @@ def update(self, instance, validated_data): # In the event the user does not supply the found_by field at all, we do not modify it elif isinstance(found_by, list) and len(found_by) == 0: instance.found_by.clear() + + locations = None + if settings.V3_FEATURE_LOCATIONS: + locations = validated_data.pop("locations", None) + instance = super().update( instance, validated_data, ) + if settings.V3_FEATURE_LOCATIONS and locations is not None: + for location_ref in instance.locations.all(): + location_ref.location.disassociate_from_finding(instance) + for location_ref in locations: + location_ref.location.associate_with_finding(instance) + if push_to_jira: jira_helper.push_to_jira(instance) @@ -2209,13 +2254,11 @@ class CommonImportScanSerializer(serializers.Serializer): verified = serializers.BooleanField( help_text="Force findings to be verified/not verified or default to the original tool (None)", required=False, ) - - # TODO: why do we allow only existing endpoints? endpoint_to_add = serializers.PrimaryKeyRelatedField( - queryset=Endpoint.objects.all(), + queryset=Location.objects.all(), required=False, default=None, - help_text="Enter the ID of an Endpoint that is associated with the target Product. New Findings will be added to that Endpoint.", + help_text="Enter the ID of a Location that is associated with the target Product. New Findings will be added to that Location.", ) file = serializers.FileField( allow_empty_file=True, @@ -2299,10 +2342,22 @@ class CommonImportScanSerializer(serializers.Serializer): required=False, ) apply_tags_to_endpoints = serializers.BooleanField( - help_text="If set to True, the tags will be applied to the endpoints", + help_text="If set to True, the tags will be applied to the locations", required=False, ) + # TODO: Delete this after the move to Locations + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if not settings.V3_FEATURE_LOCATIONS: + # TODO: why do we allow only existing endpoints? + self.fields["endpoint_to_add"] = serializers.PrimaryKeyRelatedField( + queryset=Endpoint.objects.all(), + required=False, + default=None, + help_text="Enter the ID of an Endpoint that is associated with the target Product. New Findings will be added to that Endpoint.", + ) + def get_importer( self, **kwargs: dict, @@ -2404,11 +2459,16 @@ def setup_common_context(self, data: dict) -> dict: context["verified"] = data.get("verified") else: context["verified"] = None - # Change the way that endpoints are sent to the importer if endpoints_to_add := data.get("endpoint_to_add"): - context["endpoints_to_add"] = [endpoints_to_add] + if settings.V3_FEATURE_LOCATIONS: + # Note: The serializer resolves Location references, but we must pass along to the importer + # AbstractLocation objects, hence the .url access. + context["endpoints_to_add"] = [endpoints_to_add.url] + else: + # TODO: Delete this after the move to Locations + context["endpoints_to_add"] = [endpoints_to_add] else: - context["endpoint_to_add"] = None + context["endpoints_to_add"] = None # Convert the tags to a list if needed. At this point, the # TaggitListSerializer has already removed commas supplied # by the user, so this operation will consistently return @@ -2703,16 +2763,27 @@ def save(self): except (ValueError, TypeError) as e: # Raise an explicit drf exception here raise ValidationError(str(e)) - try: - endpoint_meta_import( - file, - product, - create_endpoints, - create_tags, - create_dojo_meta, - origin="API", - ) + if settings.V3_FEATURE_LOCATIONS: + endpoint_meta_import( + file, + product, + create_endpoints, + create_tags, + create_dojo_meta, + origin="API", + object_class=Location, + ) + else: + # TODO: Delete this after the move to Locations + endpoint_meta_import( + file, + product, + create_endpoints, + create_tags, + create_dojo_meta, + origin="API", + ) except SyntaxError as se: raise Exception(se) except ValueError as ve: diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index 9c27e1f7820..c1a3b12db6f 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -329,7 +329,7 @@ class EndPointViewSet( ) def get_queryset(self): - return get_authorized_endpoints(Permissions.Endpoint_View).distinct() + return get_authorized_endpoints(Permissions.Location_View).distinct() @extend_schema( request=serializers.ReportGenerateOptionSerializer, @@ -395,7 +395,7 @@ class EndpointStatusViewSet( def get_queryset(self): return get_authorized_endpoint_status( - Permissions.Endpoint_View, + Permissions.Location_View, ).distinct() @@ -503,7 +503,7 @@ def generate_report(self, request, pk=None): request=serializers.AddNewNoteOptionSerializer, responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) - @action(detail=True, methods=["get", "post"]) + @action(detail=True, methods=["get", "post"], permission_classes=[IsAuthenticated, permissions.UserHasEngagementRelatedObjectPermission]) def notes(self, request, pk=None): engagement = self.get_object() if request.method == "POST": @@ -567,7 +567,7 @@ def notes(self, request, pk=None): responses={status.HTTP_201_CREATED: serializers.FileSerializer}, ) @action( - detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,), + detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,), permission_classes=[IsAuthenticated, permissions.UserHasEngagementRelatedObjectPermission], ) def files(self, request, pk=None): engagement = self.get_object() @@ -603,7 +603,7 @@ def files(self, request, pk=None): status.HTTP_201_CREATED: serializers.EngagementCheckListSerializer, }, ) - @action(detail=True, methods=["get", "post"]) + @action(detail=True, methods=["get", "post"], permission_classes=[IsAuthenticated, permissions.UserHasEngagementRelatedObjectPermission]) def complete_checklist(self, request, pk=None): engagement = self.get_object() check_lists = Check_List.objects.filter(engagement=engagement) @@ -650,6 +650,7 @@ def complete_checklist(self, request, pk=None): detail=True, methods=["get"], url_path=r"files/download/(?P\d+)", + permission_classes=[IsAuthenticated, permissions.UserHasEngagementRelatedObjectPermission], ) def download_file(self, request, file_id, pk=None): engagement = self.get_object() @@ -678,13 +679,13 @@ def update_jira_epic(self, request, pk=None): try: if engagement.has_jira_issue: - jira_helper.update_epic(engagement, **request.data) + jira_helper.update_epic(engagement.id, **request.data) response = Response( {"info": "Jira Epic update query sent"}, status=status.HTTP_200_OK, ) else: - jira_helper.add_epic(engagement, **request.data) + jira_helper.add_epic(engagement.id, **request.data) response = Response( {"info": "Jira Epic create query sent"}, status=status.HTTP_200_OK, @@ -735,7 +736,7 @@ def get_queryset(self): status.HTTP_200_OK: serializers.RiskAcceptanceProofSerializer, }, ) - @action(detail=True, methods=["get"]) + @action(detail=True, methods=["get"], permission_classes=(IsAuthenticated, permissions.UserHasRiskAcceptanceRelatedObjectPermission)) def download_proof(self, request, pk=None): risk_acceptance = self.get_object() # Get the file object @@ -902,28 +903,53 @@ def perform_update(self, serializer): serializer.save(push_to_jira=push_to_jira) def get_queryset(self): - findings = get_authorized_findings( - Permissions.Finding_View, - ).prefetch_related( - "endpoints", - "reviewers", - "found_by", - "notes", - "risk_acceptance_set", - "test", - "tags", - "jira_issue", - "finding_group_set", - "files", - "burprawrequestresponse_set", - "status_finding", - "finding_meta", - "test__test_type", - "test__engagement", - "test__environment", - "test__engagement__product", - "test__engagement__product__prod_type", - ) + if settings.V3_FEATURE_LOCATIONS: + findings = get_authorized_findings( + Permissions.Finding_View, + ).prefetch_related( + "locations__location__url", + "reviewers", + "found_by", + "notes", + "risk_acceptance_set", + "test", + "tags", + "jira_issue", + "finding_group_set", + "files", + "burprawrequestresponse_set", + "status_finding", + "finding_meta", + "test__test_type", + "test__engagement", + "test__environment", + "test__engagement__product", + "test__engagement__product__prod_type", + ) + else: + # TODO: Delete this after the move to Locations + findings = get_authorized_findings( + Permissions.Finding_View, + ).prefetch_related( + "endpoints", + "reviewers", + "found_by", + "notes", + "risk_acceptance_set", + "test", + "tags", + "jira_issue", + "finding_group_set", + "files", + "burprawrequestresponse_set", + "status_finding", + "finding_meta", + "test__test_type", + "test__engagement", + "test__environment", + "test__engagement__product", + "test__engagement__product__prod_type", + ) return findings.distinct() @@ -937,7 +963,7 @@ def get_serializer_class(self): request=serializers.FindingCloseSerializer, responses={status.HTTP_200_OK: serializers.FindingCloseSerializer}, ) - @action(detail=True, methods=["post"]) + @action(detail=True, methods=["post"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) def close(self, request, pk=None): finding = self.get_object() @@ -978,7 +1004,7 @@ def close(self, request, pk=None): request=serializers.TagSerializer, responses={status.HTTP_201_CREATED: serializers.TagSerializer}, ) - @action(detail=True, methods=["get", "post"]) + @action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) def tags(self, request, pk=None): finding = self.get_object() @@ -1019,7 +1045,7 @@ def tags(self, request, pk=None): status.HTTP_201_CREATED: serializers.BurpRawRequestResponseSerializer, }, ) - @action(detail=True, methods=["get", "post"]) + @action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) def request_response(self, request, pk=None): finding = self.get_object() @@ -1069,7 +1095,7 @@ def request_response(self, request, pk=None): request=serializers.AddNewNoteOptionSerializer, responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) - @action(detail=True, methods=["get", "post"]) + @action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) def notes(self, request, pk=None): finding = self.get_object() if request.method == "POST": @@ -1137,7 +1163,7 @@ def notes(self, request, pk=None): responses={status.HTTP_201_CREATED: serializers.FileSerializer}, ) @action( - detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,), + detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,), permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission), ) def files(self, request, pk=None): finding = self.get_object() @@ -1175,7 +1201,7 @@ def files(self, request, pk=None): @action( detail=True, methods=["get"], - url_path=r"files/download/(?P\d+)", + url_path=r"files/download/(?P\d+)", permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission), ) def download_file(self, request, file_id, pk=None): finding = self.get_object() @@ -1196,7 +1222,7 @@ def download_file(self, request, file_id, pk=None): request=serializers.FindingNoteSerializer, responses={status.HTTP_204_NO_CONTENT: ""}, ) - @action(detail=True, methods=["patch"]) + @action(detail=True, methods=["patch"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) def remove_note(self, request, pk=None): """Remove Note From Finding Note""" finding = self.get_object() @@ -1235,7 +1261,7 @@ def remove_note(self, request, pk=None): request=serializers.TagSerializer, responses={status.HTTP_204_NO_CONTENT: ""}, ) - @action(detail=True, methods=["put", "patch"]) + @action(detail=True, methods=["put", "patch"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) def remove_tags(self, request, pk=None): """Remove Tag(s) from finding list of tags""" finding = self.get_object() @@ -1285,6 +1311,7 @@ def remove_tags(self, request, pk=None): url_path=r"duplicate", filter_backends=[], pagination_class=None, + permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission), ) def get_duplicate_cluster(self, request, pk): finding = self.get_object() @@ -1298,7 +1325,7 @@ def get_duplicate_cluster(self, request, pk): request=OpenApiTypes.NONE, responses={status.HTTP_204_NO_CONTENT: ""}, ) - @action(detail=True, methods=["post"], url_path=r"duplicate/reset") + @action(detail=True, methods=["post"], url_path=r"duplicate/reset", permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) def reset_finding_duplicate_status(self, request, pk): checked_duplicate_id = reset_finding_duplicate_status_internal( request.user, pk, @@ -1317,7 +1344,7 @@ def reset_finding_duplicate_status(self, request, pk): responses={status.HTTP_204_NO_CONTENT: ""}, ) @action( - detail=True, methods=["post"], url_path=r"original/(?P\d+)", + detail=True, methods=["post"], url_path=r"original/(?P\d+)", permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission), ) def set_finding_as_original(self, request, pk, new_fid): success = set_finding_as_original_internal(request.user, pk, new_fid) @@ -1493,6 +1520,7 @@ def _remove_metadata(self, request, finding): methods=["post", "put", "delete", "get"], filter_backends=[], pagination_class=None, + permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission), ) def metadata(self, request, pk=None): finding = self.get_object() @@ -2036,7 +2064,7 @@ class DevelopmentEnvironmentViewSet( serializer_class = serializers.DevelopmentEnvironmentSerializer queryset = Development_Environment.objects.none() filter_backends = (DjangoFilterBackend,) - permission_classes = (IsAuthenticated, DjangoModelPermissions) + permission_classes = (IsAuthenticated, permissions.UserHasDevelopmentEnvironmentPermission) def get_queryset(self): return Development_Environment.objects.all().order_by("id") @@ -2128,7 +2156,7 @@ def generate_report(self, request, pk=None): request=serializers.AddNewNoteOptionSerializer, responses={status.HTTP_201_CREATED: serializers.NoteSerializer}, ) - @action(detail=True, methods=["get", "post"]) + @action(detail=True, methods=["get", "post"], permission_classes=(IsAuthenticated, permissions.UserHasTestRelatedObjectPermission)) def notes(self, request, pk=None): test = self.get_object() if request.method == "POST": @@ -2190,7 +2218,7 @@ def notes(self, request, pk=None): responses={status.HTTP_201_CREATED: serializers.FileSerializer}, ) @action( - detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,), + detail=True, methods=["get", "post"], parser_classes=(MultiPartParser,), permission_classes=(IsAuthenticated, permissions.UserHasTestRelatedObjectPermission), ) def files(self, request, pk=None): test = self.get_object() @@ -2229,6 +2257,7 @@ def files(self, request, pk=None): detail=True, methods=["get"], url_path=r"files/download/(?P\d+)", + permission_classes=(IsAuthenticated, permissions.UserHasTestRelatedObjectPermission), ) def download_file(self, request, file_id, pk=None): test = self.get_object() @@ -2388,7 +2417,7 @@ class RegulationsViewSet( queryset = Regulation.objects.none() filter_backends = (DjangoFilterBackend,) filterset_fields = ["id", "name", "description"] - permission_classes = (IsAuthenticated, DjangoModelPermissions) + permission_classes = (IsAuthenticated, permissions.UserHasRegulationPermission) def get_queryset(self): return Regulation.objects.all().order_by("id") @@ -2581,7 +2610,7 @@ def perform_create(self, serializer): serializer.save() def get_queryset(self): - return get_authorized_products(Permissions.Endpoint_Edit) + return get_authorized_products(Permissions.Location_Edit) # Authorization: configuration @@ -2742,7 +2771,7 @@ class BurpRawRequestResponseViewSet( filterset_fields = ["finding"] permission_classes = ( IsAuthenticated, - permissions.UserHasFindingPermission, + permissions.UserHasFindingRelatedObjectPermission, ) def get_queryset(self): @@ -3129,7 +3158,7 @@ class SLAConfigurationViewset( serializer_class = serializers.SLAConfigurationSerializer queryset = SLA_Configuration.objects.none() filter_backends = (DjangoFilterBackend,) - permission_classes = (IsAuthenticated, DjangoModelPermissions) + permission_classes = (IsAuthenticated, permissions.UserHasSLAPermission) def get_queryset(self): return SLA_Configuration.objects.all().order_by("id") @@ -3143,7 +3172,7 @@ class QuestionnaireQuestionViewSet( queryset = Question.objects.none() filter_backends = (DjangoFilterBackend,) permission_classes = ( - permissions.UserHasEngagementPermission, + permissions.UserHasEngagementRelatedObjectPermission, DjangoModelPermissions, ) @@ -3159,7 +3188,7 @@ class QuestionnaireAnswerViewSet( queryset = Answer.objects.none() filter_backends = (DjangoFilterBackend,) permission_classes = ( - permissions.UserHasEngagementPermission, + permissions.UserHasEngagementRelatedObjectPermission, DjangoModelPermissions, ) @@ -3174,7 +3203,7 @@ class QuestionnaireGeneralSurveyViewSet( queryset = General_Survey.objects.none() filter_backends = (DjangoFilterBackend,) permission_classes = ( - permissions.UserHasEngagementPermission, + permissions.UserHasEngagementRelatedObjectPermission, DjangoModelPermissions, ) @@ -3189,7 +3218,7 @@ class QuestionnaireEngagementSurveyViewSet( queryset = Engagement_Survey.objects.none() filter_backends = (DjangoFilterBackend,) permission_classes = ( - permissions.UserHasEngagementPermission, + permissions.UserHasEngagementRelatedObjectPermission, DjangoModelPermissions, ) @@ -3230,7 +3259,7 @@ class QuestionnaireAnsweredSurveyViewSet( queryset = Answered_Survey.objects.none() filter_backends = (DjangoFilterBackend,) permission_classes = ( - permissions.UserHasEngagementPermission, + permissions.UserHasEngagementRelatedObjectPermission, DjangoModelPermissions, ) diff --git a/dojo/apps.py b/dojo/apps.py index 06733c29771..96b8c87af34 100644 --- a/dojo/apps.py +++ b/dojo/apps.py @@ -60,7 +60,9 @@ def ready(self): # sast_source_file_path = models.CharField(null=True, blank=True, max_length=4000, help_text="Source filepath of the attack vector") watson.register(self.get_model("Finding_Template")) + # TODO: Delete this after the move to Locations watson.register(self.get_model("Endpoint"), store=("product__name", )) # add product name also? + watson.register(self.get_model("Location")) watson.register(self.get_model("Engagement"), fields=get_model_fields_with_extra(self.get_model("Engagement"), ("id", "product__name")), store=("product__name", )) watson.register(self.get_model("App_Analysis")) watson.register(self.get_model("Vulnerability_Id"), store=("finding__test__engagement__product__name", )) @@ -71,10 +73,12 @@ def ready(self): register_check(check_configuration_deduplication, "dojo") # Load any signals here that will be ready for runtime - # Importing the signals file is good enough if using the reciever decorator + # Importing the signals file is good enough if using the receiver decorator import dojo.announcement.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.benchmark.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.cred.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady + + # TODO: Delete this after the move to Locations import dojo.endpoint.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.engagement.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.file_uploads.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady @@ -87,7 +91,7 @@ def ready(self): import dojo.tags_signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.test.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady import dojo.tool_product.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady - + import dojo.url.signals # noqa: PLC0415, F401 raised: AppRegistryNotReady # Configure audit system after all models are loaded # This must be done in ready() to avoid "Models aren't loaded yet" errors # Note: pghistory models are registered here (no database access), but trigger diff --git a/dojo/asset/urls.py b/dojo/asset/urls.py index e248348b74b..24d369b4410 100644 --- a/dojo/asset/urls.py +++ b/dojo/asset/urls.py @@ -85,7 +85,7 @@ ), re_path( r"^asset/(?P\d+)/add_meta_data$", - views.add_meta_data, + views.manage_meta_data, name="add_meta_data", ), re_path( @@ -95,7 +95,7 @@ ), re_path( r"^asset/(?P\d+)/edit_meta_data$", - views.edit_meta_data, + views.manage_meta_data, name="edit_meta_data", ), re_path( @@ -239,11 +239,11 @@ name="delete_technology"), re_path(r"^product/(?P\d+)/new_engagement/cicd$", views.new_eng_for_app_cicd, name="new_eng_for_prod_cicd"), - re_path(r"^product/(?P\d+)/add_meta_data$", views.add_meta_data, + re_path(r"^product/(?P\d+)/add_meta_data$", views.manage_meta_data, name="add_meta_data"), re_path(r"^product/(?P\d+)/edit_notifications$", views.edit_notifications, name="edit_notifications"), - re_path(r"^product/(?P\d+)/edit_meta_data$", views.edit_meta_data, + re_path(r"^product/(?P\d+)/edit_meta_data$", views.manage_meta_data, name="edit_meta_data"), re_path( r"^product/(?P\d+)/ad_hoc_finding$", diff --git a/dojo/auditlog.py b/dojo/auditlog.py index 6747f4fa91b..fc908163366 100644 --- a/dojo/auditlog.py +++ b/dojo/auditlog.py @@ -8,6 +8,7 @@ import os import sys import time +from collections import defaultdict import pghistory from dateutil.relativedelta import relativedelta @@ -24,6 +25,153 @@ # Django's app registry to be ready (AppRegistryNotReady error) # The function is called from DojoAppConfig.ready() which guarantees the registry is ready +# Populated by register_django_pghistory_models() - maps proxy_name -> (parent_model, field_name) +TAG_MODEL_MAPPING = {} + + +def _reconstruct_object_str(model_name: str, pgh_data: dict, obj_id: int) -> str: + """Reconstruct object string representation from pgh_data snapshot.""" + if not pgh_data: + return f"{model_name} #{obj_id}" if obj_id else "N/A" + + model_lower = model_name.lower() + + # Model-specific reconstruction based on __str__ implementations + if model_lower in {"finding", "finding_template"}: + if pgh_data.get("title"): + return str(pgh_data["title"]) + elif model_lower == "engagement": + name = pgh_data.get("name", "") + if name: + return f"Engagement {obj_id}: {name}" + elif model_lower == "dojo_user": + first = pgh_data.get("first_name", "") + last = pgh_data.get("last_name", "") + if first or last: + return f"{first} {last}".strip() + if pgh_data.get("username"): + return pgh_data["username"] + elif model_lower in {"product", "product_type", "finding_group", "test_type"}: + if pgh_data.get("name"): + return str(pgh_data["name"]) + elif model_lower == "test": + if pgh_data.get("title"): + return pgh_data["title"] + elif model_lower == "endpoint": + if pgh_data.get("host"): + return pgh_data["host"] + + # Fallback: try common fields + for field in ["title", "name", "username", "label", "host"]: + if pgh_data.get(field): + return str(pgh_data[field]) + + return f"{model_name} #{obj_id}" if obj_id else "N/A" + + +def process_events_for_display(events): + """Process events to add object_str and object_url.""" + # Import here to avoid circular imports + from dojo.models import Dojo_User # noqa: PLC0415 + + ids_by_model = defaultdict(set) + user_ids = set() + tag_ids_by_model = defaultdict(set) + + # First pass: collect IDs + for event in events: + if not hasattr(event, "pgh_obj_model") or not event.pgh_obj_model: + continue + model_name = event.pgh_obj_model.split(".")[-1] + pgh_data = getattr(event, "pgh_data", None) or {} + obj_id = getattr(event, "pgh_obj_id", None) + + if model_name == "FindingReviewers": + if user_id := pgh_data.get("dojo_user_id"): + user_ids.add(int(user_id)) + elif model_name in TAG_MODEL_MAPPING: + # Find tag ID from pgh_data (key starts with "tagulous_" and ends with "_id") + for key, value in pgh_data.items(): + if key.startswith("tagulous_") and key.endswith("_id") and value: + tag_ids_by_model[model_name].add(int(value)) + break + elif obj_id: + ids_by_model[model_name].add(int(obj_id)) + + # Batch fetch model instances + instances_cache = {} + for model_name, obj_ids in ids_by_model.items(): + if obj_ids: + try: + model_class = apps.get_model("dojo", model_name) + instances_cache[model_name] = { + obj.id: obj for obj in model_class.objects.filter(id__in=obj_ids) + } + except LookupError: + pass + + # Batch fetch users for FindingReviewers + users_cache = {} + if user_ids: + users_cache = {u.id: u for u in Dojo_User.objects.filter(id__in=user_ids)} + + # Batch fetch tags per model type + tags_cache = {} + for model_name, tag_ids in tag_ids_by_model.items(): + if tag_ids and model_name in TAG_MODEL_MAPPING: + parent_model, field_name = TAG_MODEL_MAPPING[model_name] + tag_model = parent_model._meta.get_field(field_name).remote_field.model + tags_cache[model_name] = {t.id: t.name for t in tag_model.objects.filter(id__in=tag_ids)} + + # Second pass: annotate events + for event in events: + try: + if not hasattr(event, "pgh_obj_model") or not event.pgh_obj_model: + event.object_str = "N/A" + event.object_url = None + continue + + model_name = event.pgh_obj_model.split(".")[-1] + pgh_data = getattr(event, "pgh_data", None) or {} + obj_id = getattr(event, "pgh_obj_id", None) + obj_id_int = int(obj_id) if obj_id else None + + if model_name == "FindingReviewers": + user_id = pgh_data.get("dojo_user_id") + user = users_cache.get(int(user_id)) if user_id else None + if user: + event.object_str = f"Reviewer: {user.get_full_name() or user.username}" + else: + event.object_str = f"FindingReviewers #{obj_id}" + event.object_url = None + elif model_name in TAG_MODEL_MAPPING: + # Find tag name from cache + tag_name = None + for key, value in pgh_data.items(): + if key.startswith("tagulous_") and key.endswith("_id") and value: + tag_name = tags_cache.get(model_name, {}).get(int(value)) + break + if tag_name: + event.object_str = f"Tag: {tag_name}" + else: + event.object_str = f"{model_name} #{obj_id}" + event.object_url = None + else: + instance = instances_cache.get(model_name, {}).get(obj_id_int) + if instance: + event.object_str = str(instance) + event.object_url = instance.get_absolute_url() if hasattr(instance, "get_absolute_url") else None + else: + event.object_str = _reconstruct_object_str(model_name, pgh_data, obj_id) + event.object_url = None + except Exception: + # Fallback if anything fails + logger.debug("Error processing event: %s", event, exc_info=True) + event.object_str = f"{getattr(event, 'pgh_obj_model', 'Unknown')} #{getattr(event, 'pgh_obj_id', '?')}" + event.object_url = None + + return events + def _flush_models_in_batches(models_to_flush, timestamp_field: str, retention_period: int, batch_size: int, max_batches: int, *, dry_run: bool = False) -> tuple[int, int, bool]: """ @@ -144,20 +292,25 @@ def register_django_pghistory_models(): triggers. """ # Import models inside function to avoid AppRegistryNotReady errors + from dojo.location.models import Location # noqa: PLC0415 from dojo.models import ( # noqa: PLC0415 + App_Analysis, Cred_User, Dojo_User, + # TODO: Delete this after the move to Locations Endpoint, Engagement, Finding, Finding_Group, Finding_Template, Notification_Webhooks, + Objects_Product, Product, Product_Type, Risk_Acceptance, Test, ) + from dojo.url.models import URL # noqa: PLC0415 # Only log during actual application startup, not during shell commands if "shell" not in sys.argv: @@ -376,6 +529,82 @@ class Meta: }, )(FindingReviewers) + pghistory.track( + pghistory.InsertEvent(), + pghistory.UpdateEvent(condition=pghistory.AnyChange(exclude_auto=True)), + pghistory.DeleteEvent(), + pghistory.ManualEvent(label="initial_backfill"), + meta={ + "indexes": [ + models.Index(fields=["pgh_created_at"]), + models.Index(fields=["pgh_label"]), + models.Index(fields=["pgh_context_id"]), + ], + }, + )(Location) + + pghistory.track( + pghistory.InsertEvent(), + pghistory.UpdateEvent(condition=pghistory.AnyChange(exclude_auto=True)), + pghistory.DeleteEvent(), + pghistory.ManualEvent(label="initial_backfill"), + meta={ + "indexes": [ + models.Index(fields=["pgh_created_at"]), + models.Index(fields=["pgh_label"]), + models.Index(fields=["pgh_context_id"]), + ], + }, + )(URL) + + # Track tag through models for all TagField relationships + # Must use proxy pattern like FindingReviewers because tagulous auto-generates + # through models that cannot be imported at module level + tag_through_models = [ + # (Parent model, field name, proxy class name) + (Finding, "tags", "FindingTags"), + (Finding, "inherited_tags", "FindingInheritedTags"), + (Product, "tags", "ProductTags"), + (Engagement, "tags", "EngagementTags"), + (Engagement, "inherited_tags", "EngagementInheritedTags"), + (Test, "tags", "TestTags"), + (Test, "inherited_tags", "TestInheritedTags"), + (Endpoint, "tags", "EndpointTags"), + (Endpoint, "inherited_tags", "EndpointInheritedTags"), + (Finding_Template, "tags", "FindingTemplateTags"), + (App_Analysis, "tags", "AppAnalysisTags"), + (Objects_Product, "tags", "ObjectsProductTags"), + ] + + for parent_model, field_name, proxy_name in tag_through_models: + # Populate the mapping for use in process_events_for_display + TAG_MODEL_MAPPING[proxy_name] = (parent_model, field_name) + + through_model = parent_model._meta.get_field(field_name).remote_field.through + + # Create proxy class dynamically + proxy_class = type(proxy_name, (through_model,), { + "__module__": __name__, + "Meta": type("Meta", (), {"proxy": True}), + }) + + # Derive event table name from through table name + db_table = through_model._meta.db_table + "event" + + pghistory.track( + pghistory.InsertEvent(), + pghistory.DeleteEvent(), + pghistory.ManualEvent(label="initial_backfill"), + meta={ + "db_table": db_table, + "indexes": [ + models.Index(fields=["pgh_created_at"]), + models.Index(fields=["pgh_label"]), + models.Index(fields=["pgh_context_id"]), + ], + }, + )(proxy_class) + # Only log during actual application startup, not during shell commands if "shell" not in sys.argv: logger.info("Successfully registered models with django-pghistory") @@ -488,6 +717,43 @@ def get_table_names(model_name): # M2M through table: Django creates dojo_finding_reviewers for Finding.reviewers table_name = "dojo_finding_reviewers" event_table_name = "dojo_finding_reviewersevent" + # Tag through tables (tagulous auto-generated) + elif model_name == "FindingTags": + table_name = "dojo_finding_tags" + event_table_name = "dojo_finding_tagsevent" + elif model_name == "FindingInheritedTags": + table_name = "dojo_finding_inherited_tags" + event_table_name = "dojo_finding_inherited_tagsevent" + elif model_name == "ProductTags": + table_name = "dojo_product_tags" + event_table_name = "dojo_product_tagsevent" + elif model_name == "EngagementTags": + table_name = "dojo_engagement_tags" + event_table_name = "dojo_engagement_tagsevent" + elif model_name == "EngagementInheritedTags": + table_name = "dojo_engagement_inherited_tags" + event_table_name = "dojo_engagement_inherited_tagsevent" + elif model_name == "TestTags": + table_name = "dojo_test_tags" + event_table_name = "dojo_test_tagsevent" + elif model_name == "TestInheritedTags": + table_name = "dojo_test_inherited_tags" + event_table_name = "dojo_test_inherited_tagsevent" + elif model_name == "EndpointTags": + table_name = "dojo_endpoint_tags" + event_table_name = "dojo_endpoint_tagsevent" + elif model_name == "EndpointInheritedTags": + table_name = "dojo_endpoint_inherited_tags" + event_table_name = "dojo_endpoint_inherited_tagsevent" + elif model_name == "FindingTemplateTags": + table_name = "dojo_finding_template_tags" + event_table_name = "dojo_finding_template_tagsevent" + elif model_name == "AppAnalysisTags": + table_name = "dojo_app_analysis_tags" + event_table_name = "dojo_app_analysis_tagsevent" + elif model_name == "ObjectsProductTags": + table_name = "dojo_objects_product_tags" + event_table_name = "dojo_objects_product_tagsevent" else: table_name = f"dojo_{model_name.lower()}" event_table_name = f"dojo_{model_name.lower()}event" @@ -539,7 +805,16 @@ def process_model_backfill( """ if progress_callback is None: def progress_callback(msg, style=None): - logger.info(msg) + if style == "ERROR": + logger.error(msg) + elif style == "WARNING": + logger.warning(msg) + elif style == "SUCCESS": + logger.info(msg) + elif style == "DEBUG": + logger.debug(msg) + else: + logger.info(msg) try: table_name, event_table_name = get_table_names(model_name) @@ -555,7 +830,7 @@ def progress_callback(msg, style=None): progress_callback( f" Event table {event_table_name} not found. " f"Is {model_name} tracked by pghistory?", - "ERROR", + "DEBUG", ) return 0, 0.0 @@ -791,4 +1066,18 @@ def get_tracked_models(): "Product_Type", "Product", "Test", "Risk_Acceptance", "Finding_Template", "Cred_User", "Notification_Webhooks", "FindingReviewers", # M2M through table for Finding.reviewers + "Location", "URL", + # Tag through tables (tagulous auto-generated) + "FindingTags", + "FindingInheritedTags", + "ProductTags", + "EngagementTags", + "EngagementInheritedTags", + "TestTags", + "TestInheritedTags", + "EndpointTags", + "EndpointInheritedTags", + "FindingTemplateTags", + "AppAnalysisTags", + "ObjectsProductTags", ] diff --git a/dojo/authorization/authorization.py b/dojo/authorization/authorization.py index 840eeb7ea35..313288f4ba8 100644 --- a/dojo/authorization/authorization.py +++ b/dojo/authorization/authorization.py @@ -7,6 +7,7 @@ get_global_roles_with_permissions, get_roles_with_permissions, ) +from dojo.location.models import AbstractLocation, Location from dojo.models import ( App_Analysis, Cred_Mapping, @@ -144,19 +145,30 @@ def user_has_permission(user: Dojo_User, obj: Model, permission: int) -> bool: user, obj.test.engagement.product, permission, ) if ( + isinstance(obj, Location) + and permission in Permissions.get_location_permissions() + ): + return any(user_has_permission(user, ref.product, permission) for ref in obj.products.all()) + if ( + isinstance(obj, AbstractLocation) + and permission in Permissions.get_location_permissions() + ): + return user_has_permission(user, obj.location, permission) + if ( + # TODO: Delete this after the move to Locations isinstance(obj, Endpoint) - and permission in Permissions.get_endpoint_permissions() + and permission in Permissions.get_location_permissions() ) or ( isinstance(obj, Languages) and permission in Permissions.get_language_permissions() - ) or (( + ) or ( isinstance(obj, App_Analysis) and permission in Permissions.get_technology_permissions() ) or ( isinstance(obj, Product_API_Scan_Configuration) and permission in Permissions.get_product_api_scan_configuration_permissions() - )): + ): return user_has_permission(user, obj.product, permission) if ( isinstance(obj, Product_Type_Member) diff --git a/dojo/authorization/roles_permissions.py b/dojo/authorization/roles_permissions.py index aaebbc76b15..ebd873dc617 100644 --- a/dojo/authorization/roles_permissions.py +++ b/dojo/authorization/roles_permissions.py @@ -61,10 +61,10 @@ class Permissions(IntEnum): Finding_Edit = 1406 Finding_Delete = 1407 - Endpoint_View = 1502 - Endpoint_Add = 1503 - Endpoint_Edit = 1506 - Endpoint_Delete = 1507 + Location_View = 1502 + Location_Add = 1503 + Location_Edit = 1506 + Location_Delete = 1507 Benchmark_Edit = 1606 Benchmark_Delete = 1607 @@ -186,11 +186,11 @@ def get_finding_group_permissions(cls): } @classmethod - def get_endpoint_permissions(cls): + def get_location_permissions(cls): return { - Permissions.Endpoint_View, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Delete, } @classmethod @@ -287,7 +287,7 @@ def get_roles_with_permissions(): Permissions.Test_View, Permissions.Finding_View, Permissions.Finding_Group_View, - Permissions.Endpoint_View, + Permissions.Location_View, Permissions.Component_View, Permissions.Note_Add, Permissions.Product_Group_View, @@ -309,7 +309,7 @@ def get_roles_with_permissions(): Permissions.Test_Edit, Permissions.Finding_View, Permissions.Finding_Group_View, - Permissions.Endpoint_View, + Permissions.Location_View, Permissions.Component_View, Permissions.Product_Group_View, Permissions.Product_Type_Group_View, @@ -335,9 +335,9 @@ def get_roles_with_permissions(): Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, - Permissions.Endpoint_Add, - Permissions.Endpoint_Edit, + Permissions.Location_View, + Permissions.Location_Add, + Permissions.Location_Edit, Permissions.Benchmark_Edit, Permissions.Component_View, Permissions.Note_View_History, @@ -388,10 +388,10 @@ def get_roles_with_permissions(): Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, - Permissions.Endpoint_Add, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Add, + Permissions.Location_Edit, + Permissions.Location_Delete, Permissions.Benchmark_Edit, Permissions.Benchmark_Delete, Permissions.Component_View, @@ -465,10 +465,10 @@ def get_roles_with_permissions(): Permissions.Finding_Group_Add, Permissions.Finding_Group_Edit, Permissions.Finding_Group_Delete, - Permissions.Endpoint_View, - Permissions.Endpoint_Add, - Permissions.Endpoint_Edit, - Permissions.Endpoint_Delete, + Permissions.Location_View, + Permissions.Location_Add, + Permissions.Location_Edit, + Permissions.Location_Delete, Permissions.Benchmark_Edit, Permissions.Benchmark_Delete, Permissions.Component_View, diff --git a/dojo/base_models/__init__.py b/dojo/base_models/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/base_models/base.py b/dojo/base_models/base.py new file mode 100644 index 00000000000..8e1bf3feac9 --- /dev/null +++ b/dojo/base_models/base.py @@ -0,0 +1,106 @@ +import contextlib +import logging +from typing import TypeVar + +from django.conf import settings +from django.db.models import DateTimeField, Manager, Model, QuerySet +from django.utils.translation import gettext_lazy as _ + +logger = logging.getLogger(__name__) + +# Type variable for the model +T = TypeVar("T", bound="BaseModelWithoutTimeMeta") + + +class BaseQuerySet(QuerySet): + + """Base Queryset to add chainable queries.""" + + def order_by_id(self, *field_names: str): + return super().order_by("id") + + +class BaseManager(Manager): + + """Base manager to manipulate all objects with.""" + + QUERY_SET_CLASS = BaseQuerySet + + def get_queryset(self) -> QuerySet[T]: + return self.QUERY_SET_CLASS(self.model, using=self._db).order_by_id() + + +class BaseModelWithoutTimeMeta(Model): + + """Base model class that all models will extend.""" + + objects = BaseManager() + + class Meta: + + """Meta class for the base model.""" + + abstract = True + + def save(self, *args: list, skip_validation: bool = not settings.V3_FEATURE_LOCATIONS, **kwargs: dict) -> None: + """ + Override save method to call the `full_clean()` validation function each save. + + The `full_clean` function is also called here to perform validation on the model in + various places. Here is the name, and a brief description for each function: + - Validate the model fields - `clean_fields()` + - Validate the model as a whole - `clean()` + - Validate the field uniqueness - `validate_unique()` + All three steps are performed when you call a model's full_clean() method in the order above + """ + # Run the pre save logic, if enabled + self.pre_save_logic() + # Call the validations + if not skip_validation: + try: + self.full_clean() + except Exception: + self.print_all_fields() + raise + # Run the post save logic, if enabled + self.post_save_logic() + # Call the base save method to save the model to the database + super().save(*args, **kwargs) + + def pre_save_logic(self) -> None: + """Allow for some pre save operations by other classes.""" + + def post_save_logic(self) -> None: + """Allow for some post save operations by other classes.""" + + def print_all_fields(self) -> None: + """Query all fields, and then print them in an easy to read fashion.""" + with contextlib.suppress(ValueError): + fields = [f.name for f in self._meta.get_fields()] + logger.debug(f"\n\n-- {self._meta.object_name} --") + for field in fields: + logger.debug(f"\t {field}: {getattr(self, field, 'Unable to access')}") + + +class BaseModel(BaseModelWithoutTimeMeta): + + """Base model class that all models will extend, but with created/updated timestamps.""" + + created = DateTimeField( + verbose_name=_("Created"), + auto_now_add=True, + null=True, # This will never happen, but it fits what the current model defines + help_text=_("Time that the object was initially created, and saved to the database"), + ) + updated = DateTimeField( + verbose_name=_("Updated"), + auto_now=True, + null=True, # This will never happen, but it fits what the current model defines + help_text=_("Time that the object was most recently saved to the database"), + ) + + class Meta: + + """Meta class for the base model.""" + + abstract = True diff --git a/dojo/base_models/validators.py b/dojo/base_models/validators.py new file mode 100644 index 00000000000..08815b71342 --- /dev/null +++ b/dojo/base_models/validators.py @@ -0,0 +1,29 @@ +from django.core.exceptions import ValidationError + + +def validate_not_empty(value: str) -> None: + """Validate that the value is not an empty string.""" + if not value.strip(): + msg = "This field cannot be empty." + raise ValidationError(msg) + + +def no_spaces(value: str) -> None: + """Validate that raises a ValidationError if the input string contains spaces.""" + if " " in value: + msg = "This field cannot contain spaces." + raise ValidationError(msg) + + +def no_colons(value: str) -> None: + """Validate that raises a ValidationError if the input string contains colons.""" + if ":" in value: + msg = "This field cannot contain colons." + raise ValidationError(msg) + + +def only_lowercase(value: str) -> None: + """Validate that raises a ValidationError if the input string contains any uppercase letters.""" + if not value.islower(): + msg = "This field must contain only lowercase letters." + raise ValidationError(msg) diff --git a/dojo/context_processors.py b/dojo/context_processors.py index 6f6bef626d6..cc53af0f1e0 100644 --- a/dojo/context_processors.py +++ b/dojo/context_processors.py @@ -36,6 +36,8 @@ def globalize_vars(request): "API_TOKENS_ENABLED": settings.API_TOKENS_ENABLED, "API_TOKEN_AUTH_ENDPOINT_ENABLED": settings.API_TOKEN_AUTH_ENDPOINT_ENABLED, "CREATE_CLOUD_BANNER": settings.CREATE_CLOUD_BANNER, + # V3 Feature Flags + "V3_FEATURE_LOCATIONS": settings.V3_FEATURE_LOCATIONS, } diff --git a/dojo/cred/queries.py b/dojo/cred/queries.py index beb84129bab..a9dab0fb58e 100644 --- a/dojo/cred/queries.py +++ b/dojo/cred/queries.py @@ -1,17 +1,21 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission from dojo.models import Cred_Mapping, Product_Group, Product_Member, Product_Type_Group, Product_Type_Member +from dojo.request_cache import cache_for_request -def get_authorized_cred_mappings(permission, queryset=None): +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request +def get_authorized_cred_mappings(permission): + """Cached - returns all cred mappings the user is authorized to see.""" user = get_current_user() if user is None: return Cred_Mapping.objects.none() - cred_mappings = Cred_Mapping.objects.all().order_by("id") if queryset is None else queryset + cred_mappings = Cred_Mapping.objects.all().order_by("id") if user.is_superuser: return cred_mappings @@ -20,27 +24,69 @@ def get_authorized_cred_mappings(permission, queryset=None): return cred_mappings roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - cred_mappings = cred_mappings.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed return cred_mappings.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ) + + +def get_authorized_cred_mappings_for_queryset(permission, queryset): + """Filters a provided queryset for authorization. Not cached due to dynamic queryset parameter.""" + user = get_current_user() + + if user is None: + return Cred_Mapping.objects.none() + + if user.is_superuser: + return queryset + + if user_has_global_permission(user, permission): + return queryset + + roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return queryset.filter( + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ) diff --git a/dojo/cred/views.py b/dojo/cred/views.py index be5d0560683..4feaddb73b6 100644 --- a/dojo/cred/views.py +++ b/dojo/cred/views.py @@ -8,7 +8,7 @@ from dojo.authorization.authorization_decorators import user_is_authorized, user_is_configuration_authorized from dojo.authorization.roles_permissions import Permissions -from dojo.cred.queries import get_authorized_cred_mappings +from dojo.cred.queries import get_authorized_cred_mappings_for_queryset from dojo.forms import CredMappingForm, CredMappingFormProd, CredUserForm, NoteForm from dojo.models import Cred_Mapping, Cred_User, Engagement, Finding, Product, Test from dojo.utils import Product_Tab, add_breadcrumb, dojo_crypto_encrypt, prepare_for_view @@ -85,7 +85,7 @@ def view_cred_details(request, ttid): notes = cred.notes.all() cred_products = Cred_Mapping.objects.select_related("product").filter( product_id__isnull=False, cred_id=ttid).order_by("product__name") - cred_products = get_authorized_cred_mappings(Permissions.Product_View, cred_products) + cred_products = get_authorized_cred_mappings_for_queryset(Permissions.Product_View, cred_products) if request.method == "POST": form = NoteForm(request.POST) diff --git a/dojo/db_migrations/0250_pghistory_backfill.py b/dojo/db_migrations/0250_pghistory_backfill.py index 5d09d77c0e2..927ad091ba4 100644 --- a/dojo/db_migrations/0250_pghistory_backfill.py +++ b/dojo/db_migrations/0250_pghistory_backfill.py @@ -43,6 +43,8 @@ def progress_callback(msg, style=None): logger.warning(msg) elif style == "SUCCESS": logger.info(msg) + elif style == "DEBUG": + logger.debug(msg) else: logger.info(msg) diff --git a/dojo/db_migrations/0256_pghistory_for_tags_models.py b/dojo/db_migrations/0256_pghistory_for_tags_models.py new file mode 100644 index 00000000000..db4cb020dde --- /dev/null +++ b/dojo/db_migrations/0256_pghistory_for_tags_models.py @@ -0,0 +1,637 @@ +# Generated by Django 5.2.9 on 2026-01-18 09:36 + +import django.db.models.deletion +import pgtrigger.compiler +import pgtrigger.migrations +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0255_remove_system_settings_product_grade'), + ('pghistory', '0007_auto_20250421_0444'), + ] + + operations = [ + migrations.CreateModel( + name='TestTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.test_tags',), + ), + migrations.CreateModel( + name='TestInheritedTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.test_inherited_tags',), + ), + migrations.CreateModel( + name='ProductTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.product_tags',), + ), + migrations.CreateModel( + name='ObjectsProductTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.objects_product_tags',), + ), + migrations.CreateModel( + name='FindingTemplateTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.finding_template_tags',), + ), + migrations.CreateModel( + name='FindingTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.finding_tags',), + ), + migrations.CreateModel( + name='FindingInheritedTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.finding_inherited_tags',), + ), + migrations.CreateModel( + name='EngagementTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.engagement_tags',), + ), + migrations.CreateModel( + name='EngagementInheritedTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.engagement_inherited_tags',), + ), + migrations.CreateModel( + name='EndpointTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.endpoint_tags',), + ), + migrations.CreateModel( + name='EndpointInheritedTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.endpoint_inherited_tags',), + ), + migrations.CreateModel( + name='AppAnalysisTags', + fields=[ + ], + options={ + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('dojo.app_analysis_tags',), + ), + migrations.CreateModel( + name='AppAnalysisTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('app_analysis', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.app_analysis')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_app_analysis_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_app_analysis_tags')), + ], + options={ + 'db_table': 'dojo_app_analysis_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='EndpointInheritedTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('endpoint', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.endpoint')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_endpoint_inherited_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_endpoint_inherited_tags')), + ], + options={ + 'db_table': 'dojo_endpoint_inherited_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='EndpointTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('endpoint', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.endpoint')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_endpoint_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_endpoint_tags')), + ], + options={ + 'db_table': 'dojo_endpoint_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='EngagementInheritedTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('engagement', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.engagement')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_engagement_inherited_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_engagement_inherited_tags')), + ], + options={ + 'db_table': 'dojo_engagement_inherited_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='EngagementTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('engagement', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.engagement')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_engagement_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_engagement_tags')), + ], + options={ + 'db_table': 'dojo_engagement_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='FindingInheritedTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('finding', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.finding')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_finding_inherited_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_finding_inherited_tags')), + ], + options={ + 'db_table': 'dojo_finding_inherited_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='FindingTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('finding', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.finding')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_finding_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_finding_tags')), + ], + options={ + 'db_table': 'dojo_finding_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='FindingTemplateTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('finding_template', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.finding_template')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_finding_template_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_finding_template_tags')), + ], + options={ + 'db_table': 'dojo_finding_template_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='ObjectsProductTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('objects_product', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.objects_product')), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_objects_product_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_objects_product_tags')), + ], + options={ + 'db_table': 'dojo_objects_product_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='ProductTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('product', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.product')), + ('tagulous_product_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_product_tags')), + ], + options={ + 'db_table': 'dojo_product_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='TestInheritedTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_test_inherited_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_test_inherited_tags')), + ('test', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.test')), + ], + options={ + 'db_table': 'dojo_test_inherited_tagsevent', + 'abstract': False, + }, + ), + migrations.CreateModel( + name='TestTagsEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('pgh_context', models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context')), + ('tagulous_test_tags', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.tagulous_test_tags')), + ('test', models.ForeignKey(db_constraint=False, db_index=False, db_tablespace='', on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.test')), + ('pgh_obj', models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.testtags')), + ], + options={ + 'db_table': 'dojo_test_tagsevent', + 'abstract': False, + }, + ), + pgtrigger.migrations.AddTrigger( + model_name='testtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_test_tagsevent" ("id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_test_tags_id", "test_id") VALUES (NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_test_tags_id", NEW."test_id"); RETURN NULL;', hash='86a598e23b7e1d415a5bc23a720d5ec182e09481', operation='INSERT', pgid='pgtrigger_insert_insert_71d92', table='dojo_test_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='testtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_test_tagsevent" ("id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_test_tags_id", "test_id") VALUES (OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_test_tags_id", OLD."test_id"); RETURN NULL;', hash='f3e94cff7c145b7f8ecd258ed49b966b48bdc15a', operation='DELETE', pgid='pgtrigger_delete_delete_cd4f5', table='dojo_test_tags', when='AFTER')), + ), + migrations.AddField( + model_name='testinheritedtagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.testinheritedtags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='testinheritedtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_test_inherited_tagsevent" ("id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_test_inherited_tags_id", "test_id") VALUES (NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_test_inherited_tags_id", NEW."test_id"); RETURN NULL;', hash='3e55e4ec5bac28a168deb80b1c4be56765dcd070', operation='INSERT', pgid='pgtrigger_insert_insert_c878e', table='dojo_test_inherited_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='testinheritedtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_test_inherited_tagsevent" ("id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_test_inherited_tags_id", "test_id") VALUES (OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_test_inherited_tags_id", OLD."test_id"); RETURN NULL;', hash='42b725ae0f08d2caefc853e958c74423cae6a168', operation='DELETE', pgid='pgtrigger_delete_delete_6f7b7', table='dojo_test_inherited_tags', when='AFTER')), + ), + migrations.AddField( + model_name='producttagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.producttags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='producttags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_product_tagsevent" ("id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "product_id", "tagulous_product_tags_id") VALUES (NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."product_id", NEW."tagulous_product_tags_id"); RETURN NULL;', hash='c7ecc1453d0a1beaf1a2de2ac6f3bff79e2a1a09', operation='INSERT', pgid='pgtrigger_insert_insert_a42d8', table='dojo_product_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='producttags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_product_tagsevent" ("id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "product_id", "tagulous_product_tags_id") VALUES (OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."product_id", OLD."tagulous_product_tags_id"); RETURN NULL;', hash='3aec07ebff1842443c5e162a1a4faaaf396a85e7', operation='DELETE', pgid='pgtrigger_delete_delete_ffd8b', table='dojo_product_tags', when='AFTER')), + ), + migrations.AddField( + model_name='objectsproducttagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.objectsproducttags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='objectsproducttags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_objects_product_tagsevent" ("id", "objects_product_id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_objects_product_tags_id") VALUES (NEW."id", NEW."objects_product_id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_objects_product_tags_id"); RETURN NULL;', hash='3a3be81af7bd67dc733b8c0ff3494fbf28150023', operation='INSERT', pgid='pgtrigger_insert_insert_e788c', table='dojo_objects_product_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='objectsproducttags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_objects_product_tagsevent" ("id", "objects_product_id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_objects_product_tags_id") VALUES (OLD."id", OLD."objects_product_id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_objects_product_tags_id"); RETURN NULL;', hash='7a99a469fabe4bb6577296c0b9020360dc3c6d90', operation='DELETE', pgid='pgtrigger_delete_delete_fd691', table='dojo_objects_product_tags', when='AFTER')), + ), + migrations.AddField( + model_name='findingtemplatetagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.findingtemplatetags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='findingtemplatetags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_finding_template_tagsevent" ("finding_template_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_finding_template_tags_id") VALUES (NEW."finding_template_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_finding_template_tags_id"); RETURN NULL;', hash='2042e7eadc5ed02cd894c23f91b69c6c753ca01f', operation='INSERT', pgid='pgtrigger_insert_insert_9fd0c', table='dojo_finding_template_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='findingtemplatetags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_finding_template_tagsevent" ("finding_template_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_finding_template_tags_id") VALUES (OLD."finding_template_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_finding_template_tags_id"); RETURN NULL;', hash='e7030e3f86fa4b61a75d563ce800dbecffc5175a', operation='DELETE', pgid='pgtrigger_delete_delete_4e97d', table='dojo_finding_template_tags', when='AFTER')), + ), + migrations.AddField( + model_name='findingtagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.findingtags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='findingtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_finding_tagsevent" ("finding_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_finding_tags_id") VALUES (NEW."finding_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_finding_tags_id"); RETURN NULL;', hash='28659b6f80c6cdf199fb7179a3578d34493e27e0', operation='INSERT', pgid='pgtrigger_insert_insert_1eb5d', table='dojo_finding_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='findingtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_finding_tagsevent" ("finding_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_finding_tags_id") VALUES (OLD."finding_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_finding_tags_id"); RETURN NULL;', hash='98dbf1b224996e4df1b2059cc1518e7b7f4a7932', operation='DELETE', pgid='pgtrigger_delete_delete_33c36', table='dojo_finding_tags', when='AFTER')), + ), + migrations.AddField( + model_name='findinginheritedtagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.findinginheritedtags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='findinginheritedtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_finding_inherited_tagsevent" ("finding_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_finding_inherited_tags_id") VALUES (NEW."finding_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_finding_inherited_tags_id"); RETURN NULL;', hash='09f4e42a57b0dd72f7e3773668aad2ad049222d7', operation='INSERT', pgid='pgtrigger_insert_insert_993d5', table='dojo_finding_inherited_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='findinginheritedtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_finding_inherited_tagsevent" ("finding_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_finding_inherited_tags_id") VALUES (OLD."finding_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_finding_inherited_tags_id"); RETURN NULL;', hash='b7440285045b0fbb627a06f97960ad5598b2313c', operation='DELETE', pgid='pgtrigger_delete_delete_76e02', table='dojo_finding_inherited_tags', when='AFTER')), + ), + migrations.AddField( + model_name='engagementtagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.engagementtags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='engagementtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_engagement_tagsevent" ("engagement_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_engagement_tags_id") VALUES (NEW."engagement_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_engagement_tags_id"); RETURN NULL;', hash='2e692e0a9b357074dbb7f78d94a278280fd2ce80', operation='INSERT', pgid='pgtrigger_insert_insert_120d9', table='dojo_engagement_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='engagementtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_engagement_tagsevent" ("engagement_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_engagement_tags_id") VALUES (OLD."engagement_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_engagement_tags_id"); RETURN NULL;', hash='64c73debfbd0a489aa534c0041ea761b9c2f295d', operation='DELETE', pgid='pgtrigger_delete_delete_98aad', table='dojo_engagement_tags', when='AFTER')), + ), + migrations.AddField( + model_name='engagementinheritedtagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.engagementinheritedtags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='engagementinheritedtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_engagement_inherited_tagsevent" ("engagement_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_engagement_inherited_tags_id") VALUES (NEW."engagement_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_engagement_inherited_tags_id"); RETURN NULL;', hash='a9be62471f0fdc7bd155366fc7007213c738164f', operation='INSERT', pgid='pgtrigger_insert_insert_855ad', table='dojo_engagement_inherited_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='engagementinheritedtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_engagement_inherited_tagsevent" ("engagement_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_engagement_inherited_tags_id") VALUES (OLD."engagement_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_engagement_inherited_tags_id"); RETURN NULL;', hash='411901ed6e39707858bf8227320f538417ca4f25', operation='DELETE', pgid='pgtrigger_delete_delete_cf21e', table='dojo_engagement_inherited_tags', when='AFTER')), + ), + migrations.AddField( + model_name='endpointtagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.endpointtags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='endpointtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_endpoint_tagsevent" ("endpoint_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_endpoint_tags_id") VALUES (NEW."endpoint_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_endpoint_tags_id"); RETURN NULL;', hash='54528d671775f2c372a5f5da6f401520d8e116fa', operation='INSERT', pgid='pgtrigger_insert_insert_837e0', table='dojo_endpoint_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='endpointtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_endpoint_tagsevent" ("endpoint_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_endpoint_tags_id") VALUES (OLD."endpoint_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_endpoint_tags_id"); RETURN NULL;', hash='22eb230282dfb2dcf630f3a720a93dfffc01fc4b', operation='DELETE', pgid='pgtrigger_delete_delete_7e055', table='dojo_endpoint_tags', when='AFTER')), + ), + migrations.AddField( + model_name='endpointinheritedtagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.endpointinheritedtags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='endpointinheritedtags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_endpoint_inherited_tagsevent" ("endpoint_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_endpoint_inherited_tags_id") VALUES (NEW."endpoint_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_endpoint_inherited_tags_id"); RETURN NULL;', hash='8ebfc851b15cd7145a96d3ee79a46fe1e282fe9a', operation='INSERT', pgid='pgtrigger_insert_insert_ae8cb', table='dojo_endpoint_inherited_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='endpointinheritedtags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_endpoint_inherited_tagsevent" ("endpoint_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_endpoint_inherited_tags_id") VALUES (OLD."endpoint_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_endpoint_inherited_tags_id"); RETURN NULL;', hash='c46826afff7b1c5003cf9b2e63e7561162acb246', operation='DELETE', pgid='pgtrigger_delete_delete_61262', table='dojo_endpoint_inherited_tags', when='AFTER')), + ), + migrations.AddField( + model_name='appanalysistagsevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.appanalysistags'), + ), + pgtrigger.migrations.AddTrigger( + model_name='appanalysistags', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_app_analysis_tagsevent" ("app_analysis_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_app_analysis_tags_id") VALUES (NEW."app_analysis_id", NEW."id", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."tagulous_app_analysis_tags_id"); RETURN NULL;', hash='875a21821568923f9501a14045b6f4940abc22b2', operation='INSERT', pgid='pgtrigger_insert_insert_32e07', table='dojo_app_analysis_tags', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='appanalysistags', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_app_analysis_tagsevent" ("app_analysis_id", "id", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "tagulous_app_analysis_tags_id") VALUES (OLD."app_analysis_id", OLD."id", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."tagulous_app_analysis_tags_id"); RETURN NULL;', hash='3f36b0e570ab38178e2726b95aa04dcb0f556b3a', operation='DELETE', pgid='pgtrigger_delete_delete_be593', table='dojo_app_analysis_tags', when='AFTER')), + ), + migrations.AddIndex( + model_name='testtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_test_t_pgh_cre_1d41c2_idx'), + ), + migrations.AddIndex( + model_name='testtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_test_t_pgh_lab_b894ca_idx'), + ), + migrations.AddIndex( + model_name='testtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_test_t_pgh_con_7c592e_idx'), + ), + migrations.AddIndex( + model_name='testinheritedtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_test_i_pgh_cre_73c863_idx'), + ), + migrations.AddIndex( + model_name='testinheritedtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_test_i_pgh_lab_db9d71_idx'), + ), + migrations.AddIndex( + model_name='testinheritedtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_test_i_pgh_con_510a5d_idx'), + ), + migrations.AddIndex( + model_name='producttagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_produc_pgh_cre_a9c5a4_idx'), + ), + migrations.AddIndex( + model_name='producttagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_produc_pgh_lab_8a473a_idx'), + ), + migrations.AddIndex( + model_name='producttagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_produc_pgh_con_f701d9_idx'), + ), + migrations.AddIndex( + model_name='objectsproducttagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_object_pgh_cre_2579c8_idx'), + ), + migrations.AddIndex( + model_name='objectsproducttagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_object_pgh_lab_47949d_idx'), + ), + migrations.AddIndex( + model_name='objectsproducttagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_object_pgh_con_5f4545_idx'), + ), + migrations.AddIndex( + model_name='findingtemplatetagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_findin_pgh_cre_aa9f4b_idx'), + ), + migrations.AddIndex( + model_name='findingtemplatetagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_findin_pgh_lab_cd8b0e_idx'), + ), + migrations.AddIndex( + model_name='findingtemplatetagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_findin_pgh_con_a7d0f3_idx'), + ), + migrations.AddIndex( + model_name='findingtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_findin_pgh_cre_7e9c2f_idx'), + ), + migrations.AddIndex( + model_name='findingtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_findin_pgh_lab_6709ac_idx'), + ), + migrations.AddIndex( + model_name='findingtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_findin_pgh_con_fc3070_idx'), + ), + migrations.AddIndex( + model_name='findinginheritedtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_findin_pgh_cre_ee9f6f_idx'), + ), + migrations.AddIndex( + model_name='findinginheritedtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_findin_pgh_lab_a77d90_idx'), + ), + migrations.AddIndex( + model_name='findinginheritedtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_findin_pgh_con_625c0f_idx'), + ), + migrations.AddIndex( + model_name='engagementtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_engage_pgh_cre_77f508_idx'), + ), + migrations.AddIndex( + model_name='engagementtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_engage_pgh_lab_885a5f_idx'), + ), + migrations.AddIndex( + model_name='engagementtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_engage_pgh_con_651ff3_idx'), + ), + migrations.AddIndex( + model_name='engagementinheritedtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_engage_pgh_cre_6e06e6_idx'), + ), + migrations.AddIndex( + model_name='engagementinheritedtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_engage_pgh_lab_f95370_idx'), + ), + migrations.AddIndex( + model_name='engagementinheritedtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_engage_pgh_con_f223c1_idx'), + ), + migrations.AddIndex( + model_name='endpointtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_endpoi_pgh_cre_1a1c71_idx'), + ), + migrations.AddIndex( + model_name='endpointtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_endpoi_pgh_lab_df7786_idx'), + ), + migrations.AddIndex( + model_name='endpointtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_endpoi_pgh_con_ee9c33_idx'), + ), + migrations.AddIndex( + model_name='endpointinheritedtagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_endpoi_pgh_cre_8acc46_idx'), + ), + migrations.AddIndex( + model_name='endpointinheritedtagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_endpoi_pgh_lab_6a82e5_idx'), + ), + migrations.AddIndex( + model_name='endpointinheritedtagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_endpoi_pgh_con_3a42bf_idx'), + ), + migrations.AddIndex( + model_name='appanalysistagsevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_app_an_pgh_cre_d85011_idx'), + ), + migrations.AddIndex( + model_name='appanalysistagsevent', + index=models.Index(fields=['pgh_label'], name='dojo_app_an_pgh_lab_9376be_idx'), + ), + migrations.AddIndex( + model_name='appanalysistagsevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_app_an_pgh_con_0a75f3_idx'), + ), + ] diff --git a/dojo/db_migrations/0257_pghistory_tags_backfill.py b/dojo/db_migrations/0257_pghistory_tags_backfill.py new file mode 100644 index 00000000000..d4c016073fc --- /dev/null +++ b/dojo/db_migrations/0257_pghistory_tags_backfill.py @@ -0,0 +1,96 @@ +# Generated manually for pghistory tag models initial backfill + +import logging + +from django.conf import settings +from django.db import migrations + +from dojo.auditlog import process_model_backfill + +logger = logging.getLogger(__name__) + +# Tag through models to backfill +TAG_MODELS = [ + "FindingTags", + "FindingInheritedTags", + "ProductTags", + "EngagementTags", + "EngagementInheritedTags", + "TestTags", + "TestInheritedTags", + "EndpointTags", + "EndpointInheritedTags", + "FindingTemplateTags", + "AppAnalysisTags", + "ObjectsProductTags", +] + + +def backfill_pghistory_tag_tables(apps, schema_editor): + """ + Backfill pghistory tag tables with initial snapshots of existing records. + + This migration is fail-safe: if it fails for some reason, it will continue + where it left off on the next run, as it only processes records that don't + already have initial_backfill events. + """ + # Skip if auditlog is not enabled + if not settings.ENABLE_AUDITLOG: + logger.info("pghistory is not enabled. Skipping tag backfill.") + return + + # Check if we can use COPY (PostgreSQL only) + if settings.DATABASES["default"]["ENGINE"] != "django.db.backends.postgresql": + logger.warning( + "COPY operations only available with PostgreSQL. " + "Skipping backfill. Use the pghistory_backfill command instead.", + ) + return + + # Progress callback for migration logging + def progress_callback(msg, style=None): + """Progress callback that logs to Django's logger.""" + if style == "ERROR": + logger.error(msg) + elif style == "WARNING": + logger.warning(msg) + elif style == "SUCCESS": + logger.info(msg) + elif style == "DEBUG": + logger.debug(msg) + else: + logger.info(msg) + + logger.info(f"Starting pghistory backfill for {len(TAG_MODELS)} tag model(s)...") + + total_processed = 0 + for model_name in TAG_MODELS: + logger.info(f"Processing {model_name}...") + try: + processed, _ = process_model_backfill( + model_name=model_name, + batch_size=10000, + dry_run=False, + progress_callback=progress_callback, + ) + total_processed += processed + except Exception as e: + logger.exception(f"Failed to backfill {model_name}: {e}") + # Continue with other models even if one fails + continue + + logger.info(f"Pghistory tag backfill complete: Processed {total_processed:,} records") + + +class Migration(migrations.Migration): + + dependencies = [ + ("dojo", "0256_pghistory_for_tags_models"), + ] + + operations = [ + migrations.RunPython( + backfill_pghistory_tag_tables, + reverse_code=migrations.RunPython.noop, + ), + ] diff --git a/dojo/db_migrations/0258_alter_answer_options_alter_choiceanswer_options_and_more.py b/dojo/db_migrations/0258_alter_answer_options_alter_choiceanswer_options_and_more.py new file mode 100644 index 00000000000..76974c8db9d --- /dev/null +++ b/dojo/db_migrations/0258_alter_answer_options_alter_choiceanswer_options_and_more.py @@ -0,0 +1,33 @@ +# Generated by Django 5.2.9 on 2026-01-14 09:27 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0257_pghistory_tags_backfill'), + ] + + operations = [ + migrations.AlterModelOptions( + name='answer', + options={}, + ), + migrations.AlterModelOptions( + name='choiceanswer', + options={}, + ), + migrations.AlterModelOptions( + name='choicequestion', + options={}, + ), + migrations.AlterModelOptions( + name='textanswer', + options={}, + ), + migrations.AlterModelOptions( + name='textquestion', + options={}, + ), + ] diff --git a/dojo/db_migrations/0259_locations.py b/dojo/db_migrations/0259_locations.py new file mode 100644 index 00000000000..0aa0fa1a034 --- /dev/null +++ b/dojo/db_migrations/0259_locations.py @@ -0,0 +1,433 @@ +# Generated by Django 5.2.9 on 2026-02-01 01:40 + +import django.core.validators +import django.db.models.deletion +import dojo.base_models.validators +import dojo.url.validators +import pgtrigger.compiler +import pgtrigger.migrations +import tagulous.models.fields +import tagulous.models.models +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0258_alter_answer_options_alter_choiceanswer_options_and_more'), + ('pghistory', '0007_auto_20250421_0444'), + ] + + operations = [ + migrations.CreateModel( + name='Location', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('location_type', models.CharField(editable=False, help_text='The type of location that is stored. This field is automatically managed', max_length=12, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location type')), + ('location_value', models.CharField(editable=False, help_text='The string representation of a given location. This field is automatically managed', max_length=2048, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location Value')), + ], + options={ + 'verbose_name': 'Locations - Location', + 'verbose_name_plural': 'Locations - Locations', + }, + ), + migrations.CreateModel( + name='LocationEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('location_type', models.CharField(editable=False, help_text='The type of location that is stored. This field is automatically managed', max_length=12, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location type')), + ('location_value', models.CharField(editable=False, help_text='The string representation of a given location. This field is automatically managed', max_length=2048, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Location Value')), + ], + options={ + 'abstract': False, + }, + ), + migrations.CreateModel( + name='LocationFindingReference', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('audit_time', models.DateTimeField(blank=True, editable=False, help_text='The time when the audit was performed', null=True)), + ('status', models.CharField(choices=[('Active', 'Active'), ('Mitigated', 'Mitigated'), ('FalsePositive', 'False Positive'), ('RiskAccepted', 'Risk Accepted'), ('OutOfScope', 'Out Of Scope')], default='Active', help_text='The status of the the given Location', max_length=16, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Status')), + ], + options={ + 'verbose_name': 'Locations - FindingReference', + 'verbose_name_plural': 'Locations - FindingReferences', + }, + ), + migrations.CreateModel( + name='LocationProductReference', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('created', models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created')), + ('updated', models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated')), + ('status', models.CharField(choices=[('Active', 'Active'), ('Mitigated', 'Mitigated')], default='Mitigated', help_text='The status of the the given Location', max_length=16, validators=[dojo.base_models.validators.validate_not_empty], verbose_name='Status')), + ], + options={ + 'verbose_name': 'Locations - ProductReference', + 'verbose_name_plural': 'Locations - ProductReferences', + }, + ), + migrations.CreateModel( + name='Tagulous_Location_inherited_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.CreateModel( + name='Tagulous_Location_tags', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=255, unique=True)), + ('slug', models.SlugField()), + ('count', models.IntegerField(default=0, help_text='Internal counter of how many times this tag is in use')), + ('protected', models.BooleanField(default=False, help_text='Will not be deleted when the count reaches 0')), + ], + options={ + 'ordering': ('name',), + 'abstract': False, + }, + bases=(tagulous.models.models.BaseTagModel, models.Model), + ), + migrations.CreateModel( + name='URL', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('protocol', models.CharField(blank=True, default='', help_text='The protocol of the URL (e.g., http, https, ftp, etc.)', max_length=10, validators=[dojo.url.validators.validate_protocol])), + ('user_info', models.CharField(blank=True, default='', help_text='Connection details for a given user', max_length=512, validators=[dojo.url.validators.validate_user_info])), + ('host', models.CharField(help_text='The host of the URL, which can be a domain name or an IP address', max_length=256, validators=[dojo.base_models.validators.validate_not_empty])), + ('port', models.PositiveIntegerField(blank=True, help_text='The port number of the URL (optional)', null=True, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])), + ('path', models.CharField(blank=True, default='', help_text='The path of the URL (optional),', max_length=2048)), + ('query', models.CharField(blank=True, default='', help_text='The query string of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_query])), + ('fragment', models.CharField(blank=True, default='', help_text='The fragment identifier of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_fragment])), + ('host_validation_failure', models.BooleanField(default=False, help_text='Dictates whether the endpoint was found to have host validation issues during creation')), + ('hash', models.CharField(editable=False, help_text='The hash of the URL for uniqueness', max_length=64, unique=True, validators=[django.core.validators.MinLengthValidator(64)])), + ], + options={ + 'verbose_name': 'Locations - URL', + 'verbose_name_plural': 'Locations - URLs', + }, + ), + migrations.CreateModel( + name='URLEvent', + fields=[ + ('pgh_id', models.AutoField(primary_key=True, serialize=False)), + ('pgh_created_at', models.DateTimeField(auto_now_add=True)), + ('pgh_label', models.TextField(help_text='The event label.')), + ('id', models.IntegerField()), + ('protocol', models.CharField(blank=True, default='', help_text='The protocol of the URL (e.g., http, https, ftp, etc.)', max_length=10, validators=[dojo.url.validators.validate_protocol])), + ('user_info', models.CharField(blank=True, default='', help_text='Connection details for a given user', max_length=512, validators=[dojo.url.validators.validate_user_info])), + ('host', models.CharField(help_text='The host of the URL, which can be a domain name or an IP address', max_length=256, validators=[dojo.base_models.validators.validate_not_empty])), + ('port', models.PositiveIntegerField(blank=True, help_text='The port number of the URL (optional)', null=True, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])), + ('path', models.CharField(blank=True, default='', help_text='The path of the URL (optional),', max_length=2048)), + ('query', models.CharField(blank=True, default='', help_text='The query string of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_query])), + ('fragment', models.CharField(blank=True, default='', help_text='The fragment identifier of the URL (optional)', max_length=2048, validators=[dojo.url.validators.validate_fragment])), + ('host_validation_failure', models.BooleanField(default=False, help_text='Dictates whether the endpoint was found to have host validation issues during creation')), + ('hash', models.CharField(editable=False, help_text='The hash of the URL for uniqueness', max_length=64, validators=[django.core.validators.MinLengthValidator(64)])), + ], + options={ + 'abstract': False, + }, + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='insert_insert', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='update_update', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='delete_delete', + ), + migrations.AddField( + model_name='finding', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AddField( + model_name='findingevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='engagement', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='engagement', + name='status', + field=models.CharField(choices=[('Not Started', 'Not Started'), ('Blocked', 'Blocked'), ('Cancelled', 'Cancelled'), ('Completed', 'Completed'), ('In Progress', 'In Progress'), ('On Hold', 'On Hold'), ('Waiting for Resource', 'Waiting for Resource')], default='Not Started', max_length=2000, null=True), + ), + migrations.AlterField( + model_name='engagement', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='engagementevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='engagementevent', + name='status', + field=models.CharField(choices=[('Not Started', 'Not Started'), ('Blocked', 'Blocked'), ('Cancelled', 'Cancelled'), ('Completed', 'Completed'), ('In Progress', 'In Progress'), ('On Hold', 'On Hold'), ('Waiting for Resource', 'Waiting for Resource')], default='Not Started', max_length=2000, null=True), + ), + migrations.AlterField( + model_name='engagementevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='finding', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='findingevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='product_type', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product_type', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='product_typeevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='product_typeevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + migrations.AlterField( + model_name='productevent', + name='created', + field=models.DateTimeField(auto_now_add=True, help_text='Time that the object was initially created, and saved to the database', null=True, verbose_name='Created'), + ), + migrations.AlterField( + model_name='productevent', + name='updated', + field=models.DateTimeField(auto_now=True, help_text='Time that the object was most recently saved to the database', null=True, verbose_name='Updated'), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "updated", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", NEW."updated", NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='b8eea714d4e92bd779ff82939552ad55346d949f', operation='INSERT', pgid='pgtrigger_insert_insert_2fbbb', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD."active" IS DISTINCT FROM (NEW."active") OR OLD."component_name" IS DISTINCT FROM (NEW."component_name") OR OLD."component_version" IS DISTINCT FROM (NEW."component_version") OR OLD."cve" IS DISTINCT FROM (NEW."cve") OR OLD."cvssv3" IS DISTINCT FROM (NEW."cvssv3") OR OLD."cvssv3_score" IS DISTINCT FROM (NEW."cvssv3_score") OR OLD."cvssv4" IS DISTINCT FROM (NEW."cvssv4") OR OLD."cvssv4_score" IS DISTINCT FROM (NEW."cvssv4_score") OR OLD."cwe" IS DISTINCT FROM (NEW."cwe") OR OLD."date" IS DISTINCT FROM (NEW."date") OR OLD."defect_review_requested_by_id" IS DISTINCT FROM (NEW."defect_review_requested_by_id") OR OLD."description" IS DISTINCT FROM (NEW."description") OR OLD."duplicate" IS DISTINCT FROM (NEW."duplicate") OR OLD."duplicate_finding_id" IS DISTINCT FROM (NEW."duplicate_finding_id") OR OLD."dynamic_finding" IS DISTINCT FROM (NEW."dynamic_finding") OR OLD."effort_for_fixing" IS DISTINCT FROM (NEW."effort_for_fixing") OR OLD."epss_percentile" IS DISTINCT FROM (NEW."epss_percentile") OR OLD."epss_score" IS DISTINCT FROM (NEW."epss_score") OR OLD."false_p" IS DISTINCT FROM (NEW."false_p") OR OLD."file_path" IS DISTINCT FROM (NEW."file_path") OR OLD."fix_available" IS DISTINCT FROM (NEW."fix_available") OR OLD."fix_version" IS DISTINCT FROM (NEW."fix_version") OR OLD."hash_code" IS DISTINCT FROM (NEW."hash_code") OR OLD."id" IS DISTINCT FROM (NEW."id") OR OLD."impact" IS DISTINCT FROM (NEW."impact") OR OLD."is_mitigated" IS DISTINCT FROM (NEW."is_mitigated") OR OLD."kev_date" IS DISTINCT FROM (NEW."kev_date") OR OLD."known_exploited" IS DISTINCT FROM (NEW."known_exploited") OR OLD."last_reviewed" IS DISTINCT FROM (NEW."last_reviewed") OR OLD."last_reviewed_by_id" IS DISTINCT FROM (NEW."last_reviewed_by_id") OR OLD."line" IS DISTINCT FROM (NEW."line") OR OLD."mitigated" IS DISTINCT FROM (NEW."mitigated") OR OLD."mitigated_by_id" IS DISTINCT FROM (NEW."mitigated_by_id") OR OLD."mitigation" IS DISTINCT FROM (NEW."mitigation") OR OLD."nb_occurences" IS DISTINCT FROM (NEW."nb_occurences") OR OLD."numerical_severity" IS DISTINCT FROM (NEW."numerical_severity") OR OLD."out_of_scope" IS DISTINCT FROM (NEW."out_of_scope") OR OLD."param" IS DISTINCT FROM (NEW."param") OR OLD."payload" IS DISTINCT FROM (NEW."payload") OR OLD."planned_remediation_date" IS DISTINCT FROM (NEW."planned_remediation_date") OR OLD."planned_remediation_version" IS DISTINCT FROM (NEW."planned_remediation_version") OR OLD."publish_date" IS DISTINCT FROM (NEW."publish_date") OR OLD."ransomware_used" IS DISTINCT FROM (NEW."ransomware_used") OR OLD."refs" IS DISTINCT FROM (NEW."refs") OR OLD."reporter_id" IS DISTINCT FROM (NEW."reporter_id") OR OLD."review_requested_by_id" IS DISTINCT FROM (NEW."review_requested_by_id") OR OLD."risk_accepted" IS DISTINCT FROM (NEW."risk_accepted") OR OLD."sast_sink_object" IS DISTINCT FROM (NEW."sast_sink_object") OR OLD."sast_source_file_path" IS DISTINCT FROM (NEW."sast_source_file_path") OR OLD."sast_source_line" IS DISTINCT FROM (NEW."sast_source_line") OR OLD."sast_source_object" IS DISTINCT FROM (NEW."sast_source_object") OR OLD."scanner_confidence" IS DISTINCT FROM (NEW."scanner_confidence") OR OLD."service" IS DISTINCT FROM (NEW."service") OR OLD."severity" IS DISTINCT FROM (NEW."severity") OR OLD."severity_justification" IS DISTINCT FROM (NEW."severity_justification") OR OLD."sla_expiration_date" IS DISTINCT FROM (NEW."sla_expiration_date") OR OLD."sla_start_date" IS DISTINCT FROM (NEW."sla_start_date") OR OLD."sonarqube_issue_id" IS DISTINCT FROM (NEW."sonarqube_issue_id") OR OLD."static_finding" IS DISTINCT FROM (NEW."static_finding") OR OLD."steps_to_reproduce" IS DISTINCT FROM (NEW."steps_to_reproduce") OR OLD."test_id" IS DISTINCT FROM (NEW."test_id") OR OLD."thread_id" IS DISTINCT FROM (NEW."thread_id") OR OLD."title" IS DISTINCT FROM (NEW."title") OR OLD."under_defect_review" IS DISTINCT FROM (NEW."under_defect_review") OR OLD."under_review" IS DISTINCT FROM (NEW."under_review") OR OLD."unique_id_from_tool" IS DISTINCT FROM (NEW."unique_id_from_tool") OR OLD."url" IS DISTINCT FROM (NEW."url") OR OLD."verified" IS DISTINCT FROM (NEW."verified") OR OLD."vuln_id_from_tool" IS DISTINCT FROM (NEW."vuln_id_from_tool"))', func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "updated", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", NEW."updated", NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='3a8608f3269631a51e32dffe79021258c6c4af33', operation='UPDATE', pgid='pgtrigger_update_update_92175', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "updated", "url", "verified", "vuln_id_from_tool") VALUES (OLD."active", OLD."component_name", OLD."component_version", OLD."created", OLD."cve", OLD."cvssv3", OLD."cvssv3_score", OLD."cvssv4", OLD."cvssv4_score", OLD."cwe", OLD."date", OLD."defect_review_requested_by_id", OLD."description", OLD."duplicate", OLD."duplicate_finding_id", OLD."dynamic_finding", OLD."effort_for_fixing", OLD."epss_percentile", OLD."epss_score", OLD."false_p", OLD."file_path", OLD."fix_available", OLD."fix_version", OLD."hash_code", OLD."id", OLD."impact", OLD."is_mitigated", OLD."kev_date", OLD."known_exploited", OLD."last_reviewed", OLD."last_reviewed_by_id", OLD."last_status_update", OLD."line", OLD."mitigated", OLD."mitigated_by_id", OLD."mitigation", OLD."nb_occurences", OLD."numerical_severity", OLD."out_of_scope", OLD."param", OLD."payload", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."planned_remediation_date", OLD."planned_remediation_version", OLD."publish_date", OLD."ransomware_used", OLD."refs", OLD."reporter_id", OLD."review_requested_by_id", OLD."risk_accepted", OLD."sast_sink_object", OLD."sast_source_file_path", OLD."sast_source_line", OLD."sast_source_object", OLD."scanner_confidence", OLD."service", OLD."severity", OLD."severity_justification", OLD."sla_expiration_date", OLD."sla_start_date", OLD."sonarqube_issue_id", OLD."static_finding", OLD."steps_to_reproduce", OLD."test_id", OLD."thread_id", OLD."title", OLD."under_defect_review", OLD."under_review", OLD."unique_id_from_tool", OLD."updated", OLD."url", OLD."verified", OLD."vuln_id_from_tool"); RETURN NULL;', hash='dd1240d046d5292ab4e6ce9cd193d921c9c2d309', operation='DELETE', pgid='pgtrigger_delete_delete_72933', table='dojo_finding', when='AFTER')), + ), + migrations.AlterUniqueTogether( + name='dojometa', + unique_together={('endpoint', 'name'), ('finding', 'name'), ('product', 'name')}, + ), + migrations.AddField( + model_name='dojometa', + name='location', + field=models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='location_meta', to='dojo.location'), + ), + migrations.AlterUniqueTogether( + name='dojometa', + unique_together={('endpoint', 'name'), ('finding', 'name'), ('location', 'name'), ('product', 'name')}, + ), + migrations.AddField( + model_name='locationevent', + name='pgh_context', + field=models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context'), + ), + migrations.AddField( + model_name='locationevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.location'), + ), + migrations.AddField( + model_name='locationfindingreference', + name='auditor', + field=models.ForeignKey(blank=True, help_text='The user who audited the location', null=True, on_delete=django.db.models.deletion.RESTRICT, to='dojo.dojo_user'), + ), + migrations.AddField( + model_name='locationfindingreference', + name='finding', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='locations', to='dojo.finding'), + ), + migrations.AddField( + model_name='locationfindingreference', + name='location', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='findings', to='dojo.location'), + ), + migrations.AddField( + model_name='locationproductreference', + name='location', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='products', to='dojo.location'), + ), + migrations.AddField( + model_name='locationproductreference', + name='product', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='locations', to='dojo.product'), + ), + migrations.AlterUniqueTogether( + name='tagulous_location_inherited_tags', + unique_together={('slug',)}, + ), + migrations.AddField( + model_name='location', + name='inherited_tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field', to='dojo.tagulous_location_inherited_tags'), + ), + migrations.AlterUniqueTogether( + name='tagulous_location_tags', + unique_together={('slug',)}, + ), + migrations.AddField( + model_name='location', + name='tags', + field=tagulous.models.fields.TagField(_set_tag_meta=True, blank=True, force_lowercase=True, help_text='A tag that can be used to differentiate a Location', related_name='location_tags', to='dojo.tagulous_location_tags', verbose_name='Tags'), + ), + migrations.AddField( + model_name='url', + name='location', + field=models.OneToOneField(editable=False, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s', to='dojo.location'), + ), + migrations.AddField( + model_name='urlevent', + name='location', + field=models.ForeignKey(db_constraint=False, db_index=False, editable=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', related_query_name='+', to='dojo.location'), + ), + migrations.AddField( + model_name='urlevent', + name='pgh_context', + field=models.ForeignKey(db_constraint=False, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='+', to='pghistory.context'), + ), + migrations.AddField( + model_name='urlevent', + name='pgh_obj', + field=models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.DO_NOTHING, related_name='events', to='dojo.url'), + ), + migrations.AddIndex( + model_name='locationevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_locati_pgh_cre_f68343_idx'), + ), + migrations.AddIndex( + model_name='locationevent', + index=models.Index(fields=['pgh_label'], name='dojo_locati_pgh_lab_a8d664_idx'), + ), + migrations.AddIndex( + model_name='locationevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_locati_pgh_con_4d6540_idx'), + ), + migrations.AddIndex( + model_name='locationfindingreference', + index=models.Index(fields=['location'], name='dojo_locati_locatio_b2391a_idx'), + ), + migrations.AddIndex( + model_name='locationfindingreference', + index=models.Index(fields=['finding'], name='dojo_locati_finding_37bd65_idx'), + ), + migrations.AddConstraint( + model_name='locationfindingreference', + constraint=models.UniqueConstraint(fields=('location', 'finding'), name='unique_location_and_finding'), + ), + migrations.AddIndex( + model_name='locationproductreference', + index=models.Index(fields=['location'], name='dojo_locati_locatio_98e7c1_idx'), + ), + migrations.AddIndex( + model_name='locationproductreference', + index=models.Index(fields=['product'], name='dojo_locati_product_9210d6_idx'), + ), + migrations.AddConstraint( + model_name='locationproductreference', + constraint=models.UniqueConstraint(fields=('location', 'product'), name='unique_location_and_product'), + ), + migrations.AddIndex( + model_name='location', + index=models.Index(fields=['location_type'], name='dojo_locati_locatio_72369b_idx'), + ), + migrations.AddIndex( + model_name='location', + index=models.Index(fields=['location_value'], name='dojo_locati_locatio_e7d251_idx'), + ), + pgtrigger.migrations.AddTrigger( + model_name='location', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_locationevent" ("created", "id", "location_type", "location_value", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "updated") VALUES (NEW."created", NEW."id", NEW."location_type", NEW."location_value", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."updated"); RETURN NULL;', hash='645dec2b5ed2c7fadcead7f144854dc788300cb0', operation='INSERT', pgid='pgtrigger_insert_insert_d5ba2', table='dojo_location', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='location', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD."id" IS DISTINCT FROM (NEW."id") OR OLD."location_type" IS DISTINCT FROM (NEW."location_type") OR OLD."location_value" IS DISTINCT FROM (NEW."location_value"))', func='INSERT INTO "dojo_locationevent" ("created", "id", "location_type", "location_value", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "updated") VALUES (NEW."created", NEW."id", NEW."location_type", NEW."location_value", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."updated"); RETURN NULL;', hash='4c3d9633d78f12dba4637e94abe63b246578f24a', operation='UPDATE', pgid='pgtrigger_update_update_a892f', table='dojo_location', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='location', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_locationevent" ("created", "id", "location_type", "location_value", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "updated") VALUES (OLD."created", OLD."id", OLD."location_type", OLD."location_value", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."updated"); RETURN NULL;', hash='b8a61e7fc8b8a548b8f4035e6545f53ffd50a514', operation='DELETE', pgid='pgtrigger_delete_delete_73982', table='dojo_location', when='AFTER')), + ), + migrations.AddIndex( + model_name='url', + index=models.Index(fields=['host', 'hash'], name='dojo_url_host_25c32d_idx'), + ), + pgtrigger.migrations.AddTrigger( + model_name='url', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_urlevent" ("fragment", "hash", "host", "host_validation_failure", "id", "location_id", "path", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "port", "protocol", "query", "user_info") VALUES (NEW."fragment", NEW."hash", NEW."host", NEW."host_validation_failure", NEW."id", NEW."location_id", NEW."path", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."port", NEW."protocol", NEW."query", NEW."user_info"); RETURN NULL;', hash='4b583222af9a9bb01a03c076e1a3bd0073045974', operation='INSERT', pgid='pgtrigger_insert_insert_9de22', table='dojo_url', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='url', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD.* IS DISTINCT FROM NEW.*)', func='INSERT INTO "dojo_urlevent" ("fragment", "hash", "host", "host_validation_failure", "id", "location_id", "path", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "port", "protocol", "query", "user_info") VALUES (NEW."fragment", NEW."hash", NEW."host", NEW."host_validation_failure", NEW."id", NEW."location_id", NEW."path", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."port", NEW."protocol", NEW."query", NEW."user_info"); RETURN NULL;', hash='0609684577a76d699959271c7c1cbc909a1375ac', operation='UPDATE', pgid='pgtrigger_update_update_4785e', table='dojo_url', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='url', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_urlevent" ("fragment", "hash", "host", "host_validation_failure", "id", "location_id", "path", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "port", "protocol", "query", "user_info") VALUES (OLD."fragment", OLD."hash", OLD."host", OLD."host_validation_failure", OLD."id", OLD."location_id", OLD."path", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."port", OLD."protocol", OLD."query", OLD."user_info"); RETURN NULL;', hash='0017924395c4cdd15f087628ad6b741c99dd24b2', operation='DELETE', pgid='pgtrigger_delete_delete_ca7d6', table='dojo_url', when='AFTER')), + ), + migrations.AddIndex( + model_name='urlevent', + index=models.Index(fields=['pgh_created_at'], name='dojo_urleve_pgh_cre_de0a00_idx'), + ), + migrations.AddIndex( + model_name='urlevent', + index=models.Index(fields=['pgh_label'], name='dojo_urleve_pgh_lab_53223a_idx'), + ), + migrations.AddIndex( + model_name='urlevent', + index=models.Index(fields=['pgh_context_id'], name='dojo_urleve_pgh_con_b0d6dd_idx'), + ), + ] diff --git a/dojo/db_migrations/max_migration.txt b/dojo/db_migrations/max_migration.txt new file mode 100644 index 00000000000..ba12c472015 --- /dev/null +++ b/dojo/db_migrations/max_migration.txt @@ -0,0 +1 @@ +0259_locations diff --git a/dojo/decorators.py b/dojo/decorators.py index 91f6934b719..a2a5b91e56b 100644 --- a/dojo/decorators.py +++ b/dojo/decorators.py @@ -3,12 +3,12 @@ from functools import wraps from django.conf import settings -from django.db import models +from django.http import Http404 from django_ratelimit import UNSAFE from django_ratelimit.core import is_ratelimited from django_ratelimit.exceptions import Ratelimited -from dojo.models import Dojo_User, Finding +from dojo.models import Dojo_User logger = logging.getLogger(__name__) @@ -116,81 +116,6 @@ def __wrapper__(*args, **kwargs): return decorator(func) -# decorator with parameters needs another wrapper layer -# example usage: @dojo_model_to_id(parameter=0) but defaults to parameter=0 -def dojo_model_to_id(_func=None, *, parameter=0): - # logger.debug('dec_args:' + str(dec_args)) - # logger.debug('dec_kwargs:' + str(dec_kwargs)) - # logger.debug('_func:%s', _func) - - def dojo_model_to_id_internal(func, *args, **kwargs): - @wraps(func) - def __wrapper__(*args, **kwargs): - if not settings.CELERY_PASS_MODEL_BY_ID: - return func(*args, **kwargs) - - model_or_id = get_parameter_froms_args_kwargs(args, kwargs, parameter) - - if model_or_id: - if isinstance(model_or_id, models.Model) and we_want_async(*args, func=func, **kwargs): - logger.debug("converting model_or_id to id: %s", model_or_id) - args = list(args) - args[parameter] = model_or_id.id - - return func(*args, **kwargs) - - return __wrapper__ - - if _func is None: - # decorator called without parameters - return dojo_model_to_id_internal - return dojo_model_to_id_internal(_func) - - -# decorator with parameters needs another wrapper layer -# example usage: @dojo_model_from_id(parameter=0, model=Finding) but defaults to parameter 0 and model Finding -def dojo_model_from_id(_func=None, *, model=Finding, parameter=0): - # logger.debug('dec_args:' + str(dec_args)) - # logger.debug('dec_kwargs:' + str(dec_kwargs)) - # logger.debug('_func:%s', _func) - # logger.debug('model: %s', model) - - def dojo_model_from_id_internal(func, *args, **kwargs): - @wraps(func) - def __wrapper__(*args, **kwargs): - if not settings.CELERY_PASS_MODEL_BY_ID: - return func(*args, **kwargs) - - logger.debug("args:" + str(args)) - logger.debug("kwargs:" + str(kwargs)) - - logger.debug("checking if we need to convert id to model: %s for parameter: %s", model.__name__, parameter) - - model_or_id = get_parameter_froms_args_kwargs(args, kwargs, parameter) - - if model_or_id: - if not isinstance(model_or_id, models.Model) and we_want_async(*args, func=func, **kwargs): - logger.debug("instantiating model_or_id: %s for model: %s", model_or_id, model) - try: - instance = model.objects.get(id=model_or_id) - except model.DoesNotExist: - logger.warning("error instantiating model_or_id: %s for model: %s: DoesNotExist", model_or_id, model) - instance = None - args = list(args) - args[parameter] = instance - else: - logger.debug("model_or_id already a model instance %s for model: %s", model_or_id, model) - - return func(*args, **kwargs) - - return __wrapper__ - - if _func is None: - # decorator called without parameters - return dojo_model_from_id_internal - return dojo_model_from_id_internal(_func) - - def get_parameter_froms_args_kwargs(args, kwargs, parameter): model_or_id = None if isinstance(parameter, int): @@ -233,4 +158,21 @@ def _wrapped(request, *args, **kw): raise Ratelimited return fn(request, *args, **kw) return _wrapped + + return decorator + + +def require_v3_feature_set(): + """Decorator that raises 404 if the V3_FEATURE_LOCATIONS is False.""" + + def decorator(func): + @wraps(func) + def _wrapped_view(request, *args, **kwargs): + if not getattr(settings, "V3_FEATURE_LOCATIONS", False): + msg = "V3_FEATURE_LOCATIONS must be enabled." + raise Http404(msg) + return func(request, *args, **kwargs) + + return _wrapped_view + return decorator diff --git a/dojo/endpoint/queries.py b/dojo/endpoint/queries.py index 4a6f2ae56cd..f8336b75f75 100644 --- a/dojo/endpoint/queries.py +++ b/dojo/endpoint/queries.py @@ -1,5 +1,5 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission from dojo.models import ( @@ -10,17 +10,20 @@ Product_Type_Group, Product_Type_Member, ) +from dojo.request_cache import cache_for_request -def get_authorized_endpoints(permission, queryset=None, user=None): - +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request +def get_authorized_endpoints(permission, user=None): + """Cached - returns all endpoints the user is authorized to see.""" if user is None: user = get_current_user() if user is None: return Endpoint.objects.none() - endpoints = Endpoint.objects.all().order_by("id") if queryset is None else queryset + endpoints = Endpoint.objects.all().order_by("id") if user.is_superuser: return endpoints @@ -29,41 +32,86 @@ def get_authorized_endpoints(permission, queryset=None, user=None): return endpoints roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - endpoints = endpoints.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed return endpoints.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ) -def get_authorized_endpoint_status(permission, queryset=None, user=None): +def get_authorized_endpoints_for_queryset(permission, queryset, user=None): + """Filters a provided queryset for authorization. Not cached due to dynamic queryset parameter.""" + if user is None: + user = get_current_user() + if user is None: + return Endpoint.objects.none() + + if user.is_superuser: + return queryset + + if user_has_global_permission(user, permission): + return queryset + + roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return queryset.filter( + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ) + + +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request +def get_authorized_endpoint_status(permission, user=None): + """Cached - returns all endpoint statuses the user is authorized to see.""" if user is None: user = get_current_user() if user is None: return Endpoint_Status.objects.none() - endpoint_status = Endpoint_Status.objects.all().order_by("id") if queryset is None else queryset + endpoint_status = Endpoint_Status.objects.all().order_by("id") if user.is_superuser: return endpoint_status @@ -72,27 +120,70 @@ def get_authorized_endpoint_status(permission, queryset=None, user=None): return endpoint_status roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("endpoint__product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("endpoint__product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("endpoint__product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("endpoint__product_id"), - group__users=user, - role__in=roles) - endpoint_status = endpoint_status.annotate( - endpoint__product__prod_type__member=Exists(authorized_product_type_roles), - endpoint__product__member=Exists(authorized_product_roles), - endpoint__product__prod_type__authorized_group=Exists(authorized_product_type_groups), - endpoint__product__authorized_group=Exists(authorized_product_groups)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed return endpoint_status.filter( - Q(endpoint__product__prod_type__member=True) | Q(endpoint__product__member=True) - | Q(endpoint__product__prod_type__authorized_group=True) | Q(endpoint__product__authorized_group=True)) + Q(endpoint__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(endpoint__product_id__in=Subquery(authorized_product_roles)) + | Q(endpoint__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(endpoint__product_id__in=Subquery(authorized_product_groups)), + ) + + +def get_authorized_endpoint_status_for_queryset(permission, queryset, user=None): + """Filters a provided queryset for authorization. Not cached due to dynamic queryset parameter.""" + if user is None: + user = get_current_user() + + if user is None: + return Endpoint_Status.objects.none() + + if user.is_superuser: + return queryset + + if user_has_global_permission(user, permission): + return queryset + + roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return queryset.filter( + Q(endpoint__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(endpoint__product_id__in=Subquery(authorized_product_roles)) + | Q(endpoint__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(endpoint__product_id__in=Subquery(authorized_product_groups)), + ) diff --git a/dojo/endpoint/urls.py b/dojo/endpoint/urls.py index 290f32961a2..94f6fbdcdb7 100644 --- a/dojo/endpoint/urls.py +++ b/dojo/endpoint/urls.py @@ -24,9 +24,9 @@ name="delete_endpoint"), re_path(r"^endpoints/add$", views.add_product_endpoint, name="add_product_endpoint"), - re_path(r"^endpoint/(?P\d+)/add_meta_data$", views.add_meta_data, + re_path(r"^endpoint/(?P\d+)/add_meta_data$", views.manage_meta_data, name="add_endpoint_meta_data"), - re_path(r"^endpoint/(?P\d+)/edit_meta_data$", views.edit_meta_data, + re_path(r"^endpoint/(?P\d+)/edit_meta_data$", views.manage_meta_data, name="edit_endpoint_meta_data"), re_path(r"^endpoint/bulk$", views.endpoint_bulk_update_all, name="endpoints_bulk_all"), @@ -38,4 +38,8 @@ name="endpoint_migrate"), re_path(r"^endpoint/(?P\d+)/import_endpoint_meta$", views.import_endpoint_meta, name="import_endpoint_meta"), + re_path(r"^endpoint/(?P\d+)/report$", views.endpoint_report, + name="endpoint_report"), + re_path(r"^endpoint/host/(?P\d+)/report$", views.endpoint_host_report, + name="endpoint_host_report"), ] diff --git a/dojo/endpoint/utils.py b/dojo/endpoint/utils.py index 75f81e60827..87ef66830fd 100644 --- a/dojo/endpoint/utils.py +++ b/dojo/endpoint/utils.py @@ -11,7 +11,9 @@ from django.urls import reverse from hyperlink._url import SCHEME_PORT_MAP # noqa: PLC2701 +from dojo.location.models import Location from dojo.models import DojoMeta, Endpoint +from dojo.url.models import URL logger = logging.getLogger(__name__) @@ -295,7 +297,7 @@ def save_endpoints_to_add(endpoint_list, product): return processed_endpoints -def endpoint_meta_import(file, product, create_endpoints, create_tags, create_meta, origin="UI", request=None): +def endpoint_meta_import(file, product, create_endpoints, create_tags, create_meta, origin="UI", request=None, object_class=Endpoint): content = file.read() sig = content.decode("utf-8-sig") content = sig.encode("utf-8") @@ -324,9 +326,17 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me if not host: continue - endpoints = Endpoint.objects.filter(host=host, product=product) - if not endpoints.count() and create_endpoints: - endpoints = [Endpoint.objects.create(host=host, product=product)] + # TODO: Delete this after the move to Locations + if object_class == Endpoint: + endpoints = Endpoint.objects.filter(host=host, product=product) + if not endpoints.exists() and create_endpoints: + endpoints = [Endpoint.objects.create(host=host, product=product)] + elif object_class == Location: + endpoints = Location.objects.filter(url__host=host, products__product=product) + if not endpoints.exists() and create_endpoints: + url = URL.get_or_create_from_values(host=host) + url.location.associate_with_product(product) + endpoints = [url.location] meta = [(key, row.get(key)) for key in keys] for endpoint in endpoints: @@ -336,9 +346,15 @@ def endpoint_meta_import(file, product, create_endpoints, create_tags, create_me if item[1] is not None and len(item[1]) > 0: if create_meta: # check if meta exists first. Don't want to make duplicate endpoints - dojo_meta, _create = DojoMeta.objects.get_or_create( - endpoint=endpoint, - name=item[0]) + # TODO: Delete this after the move to Locations + if object_class == Endpoint: + dojo_meta = DojoMeta.objects.get_or_create( + endpoint=endpoint, + name=item[0])[0] + elif object_class == Location: + dojo_meta = DojoMeta.objects.get_or_create( + location=endpoint, + name=item[0])[0] dojo_meta.value = item[1] dojo_meta.save() if create_tags: diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py index 561a0135d45..f66869d35b2 100644 --- a/dojo/endpoint/views.py +++ b/dojo/endpoint/views.py @@ -18,12 +18,19 @@ from dojo.authorization.authorization import user_has_permission_or_403 from dojo.authorization.authorization_decorators import user_is_authorized from dojo.authorization.roles_permissions import Permissions -from dojo.endpoint.queries import get_authorized_endpoints +from dojo.endpoint.queries import get_authorized_endpoints_for_queryset from dojo.endpoint.utils import clean_hosts_run, endpoint_meta_import from dojo.filters import EndpointFilter, EndpointFilterWithoutObjectLookups -from dojo.forms import AddEndpointForm, DeleteEndpointForm, DojoMetaDataForm, EditEndpointForm, ImportEndpointMetaForm +from dojo.forms import ( + AddEndpointForm, + DeleteEndpointForm, + DojoMetaFormSet, + EditEndpointForm, + ImportEndpointMetaForm, +) from dojo.models import DojoMeta, Endpoint, Endpoint_Status, Finding, Product from dojo.query_utils import build_count_subquery +from dojo.reports.views import generate_report from dojo.utils import ( Product_Tab, add_breadcrumb, @@ -52,7 +59,7 @@ def process_endpoints_view(request, *, host_view=False, vulnerable=False): endpoints = Endpoint.objects.all() endpoints = endpoints.prefetch_related("product", "product__tags", "tags").distinct() - endpoints = get_authorized_endpoints(Permissions.Endpoint_View, endpoints, request.user) + endpoints = get_authorized_endpoints_for_queryset(Permissions.Location_View, endpoints, request.user) filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter if host_view: @@ -167,17 +174,17 @@ def process_endpoint_view(request, eid, *, host_view=False): }) -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") def view_endpoint(request, eid): return process_endpoint_view(request, eid, host_view=False) -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") def view_endpoint_host(request, eid): return process_endpoint_view(request, eid, host_view=True) -@user_is_authorized(Endpoint, Permissions.Endpoint_Edit, "eid") +@user_is_authorized(Endpoint, Permissions.Location_Edit, "eid") def edit_endpoint(request, eid): endpoint = get_object_or_404(Endpoint, id=eid) @@ -205,7 +212,7 @@ def edit_endpoint(request, eid): }) -@user_is_authorized(Endpoint, Permissions.Endpoint_Delete, "eid") +@user_is_authorized(Endpoint, Permissions.Location_Delete, "eid") def delete_endpoint(request, eid): endpoint = get_object_or_404(Endpoint, pk=eid) product = endpoint.product @@ -240,7 +247,7 @@ def delete_endpoint(request, eid): }) -@user_is_authorized(Product, Permissions.Endpoint_Add, "pid") +@user_is_authorized(Product, Permissions.Location_Add, "pid") def add_endpoint(request, pid): product = get_object_or_404(Product, id=pid) template = "dojo/add_endpoint.html" @@ -273,7 +280,7 @@ def add_product_endpoint(request): if request.method == "POST": form = AddEndpointForm(request.POST) if form.is_valid(): - user_has_permission_or_403(request.user, form.product, Permissions.Endpoint_Add) + user_has_permission_or_403(request.user, form.product, Permissions.Location_Add) endpoints = form.save() tags = request.POST.get("tags") for e in endpoints: @@ -292,64 +299,29 @@ def add_product_endpoint(request): }) -@user_is_authorized(Endpoint, Permissions.Endpoint_Edit, "eid") -def add_meta_data(request, eid): - endpoint = Endpoint.objects.get(id=eid) - if request.method == "POST": - form = DojoMetaDataForm(request.POST, instance=DojoMeta(endpoint=endpoint)) - if form.is_valid(): - form.save() - messages.add_message(request, - messages.SUCCESS, - "Metadata added successfully.", - extra_tags="alert-success") - if "add_another" in request.POST: - return HttpResponseRedirect(reverse("add_endpoint_meta_data", args=(eid,))) - return HttpResponseRedirect(reverse("view_endpoint", args=(eid,))) - else: - form = DojoMetaDataForm() - - add_breadcrumb(parent=endpoint, title="Add Metadata", top_level=False, request=request) - product_tab = Product_Tab(endpoint.product, "Add Metadata", tab="endpoints") - return render(request, - "dojo/add_endpoint_meta_data.html", - {"form": form, - "product_tab": product_tab, - "endpoint": endpoint, - }) - - -@user_is_authorized(Endpoint, Permissions.Endpoint_Edit, "eid") -def edit_meta_data(request, eid): +@user_is_authorized(Endpoint, Permissions.Location_Edit, "eid") +def manage_meta_data(request, eid): endpoint = Endpoint.objects.get(id=eid) + meta_data_query = DojoMeta.objects.filter(endpoint=endpoint) + form_mapping = {"endpoint": endpoint} + formset = DojoMetaFormSet(queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) if request.method == "POST": - for key, orig_value in request.POST.items(): - if key.startswith("cfv_"): - cfv_id = int(key.split("_")[1]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - - value = orig_value.strip() - if value: - cfv.value = value - cfv.save() - if key.startswith("delete_"): - cfv_id = int(key.split("_")[2]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - cfv.delete() - - messages.add_message(request, - messages.SUCCESS, - "Metadata edited successfully.", - extra_tags="alert-success") - return HttpResponseRedirect(reverse("view_endpoint", args=(eid,))) + formset = DojoMetaFormSet(request.POST, queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) + if formset.is_valid(): + formset.save() + messages.add_message( + request, messages.SUCCESS, "Metadata updated successfully.", extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_endpoint", args=(eid,))) + add_breadcrumb(parent=endpoint, title="Manage Metadata", top_level=False, request=request) product_tab = Product_Tab(endpoint.product, "Edit Metadata", tab="endpoints") - return render(request, - "dojo/edit_endpoint_meta_data.html", - {"endpoint": endpoint, - "product_tab": product_tab, - }) + return render( + request, + "dojo/edit_metadata.html", + {"formset": formset, "product_tab": product_tab}, + ) # bulk mitigate and delete are combined, so we can't have the nice user_is_authorized decorator @@ -363,9 +335,9 @@ def endpoint_bulk_update_all(request, pid=None): if pid is not None: product = get_object_or_404(Product, id=pid) - user_has_permission_or_403(request.user, product, Permissions.Endpoint_Delete) + user_has_permission_or_403(request.user, product, Permissions.Location_Delete) - endpoints = get_authorized_endpoints(Permissions.Endpoint_Delete, endpoints, request.user) + endpoints = get_authorized_endpoints_for_queryset(Permissions.Location_Delete, endpoints, request.user) skipped_endpoint_count = total_endpoint_count - endpoints.count() deleted_endpoint_count = endpoints.count() @@ -373,7 +345,7 @@ def endpoint_bulk_update_all(request, pid=None): product_calc = list(Product.objects.filter(endpoint__id__in=endpoints_to_update).distinct()) endpoints.delete() for prod in product_calc: - calculate_grade(prod) + calculate_grade(prod.id) if skipped_endpoint_count > 0: add_error_message_to_response(f"Skipped deletion of {skipped_endpoint_count} endpoints because you are not authorized.") @@ -389,7 +361,7 @@ def endpoint_bulk_update_all(request, pid=None): product = get_object_or_404(Product, id=pid) user_has_permission_or_403(request.user, product, Permissions.Finding_Edit) - endpoints = get_authorized_endpoints(Permissions.Endpoint_Edit, endpoints, request.user) + endpoints = get_authorized_endpoints_for_queryset(Permissions.Location_Edit, endpoints, request.user) skipped_endpoint_count = total_endpoint_count - endpoints.count() updated_endpoint_count = endpoints.count() @@ -484,7 +456,7 @@ def migrate_endpoints_view(request): }) -@user_is_authorized(Product, Permissions.Endpoint_Edit, "pid") +@user_is_authorized(Product, Permissions.Location_Edit, "pid") def import_endpoint_meta(request, pid): product = get_object_or_404(Product, id=pid) form = ImportEndpointMetaForm() @@ -517,3 +489,15 @@ def import_endpoint_meta(request, pid): "product_tab": product_tab, "form": form, }) + + +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") +def endpoint_report(request, eid): + endpoint = get_object_or_404(Endpoint, id=eid) + return generate_report(request, endpoint, host_view=False) + + +@user_is_authorized(Endpoint, Permissions.Location_View, "eid") +def endpoint_host_report(request, eid): + endpoint = get_object_or_404(Endpoint, id=eid) + return generate_report(request, endpoint, host_view=True) diff --git a/dojo/engagement/queries.py b/dojo/engagement/queries.py index 97eeb31bdfa..cd720eb4251 100644 --- a/dojo/engagement/queries.py +++ b/dojo/engagement/queries.py @@ -1,10 +1,13 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission from dojo.models import Engagement, Product_Group, Product_Member, Product_Type_Group, Product_Type_Member +from dojo.request_cache import cache_for_request +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_engagements(permission): user = get_current_user() @@ -18,27 +21,28 @@ def get_authorized_engagements(permission): return Engagement.objects.all().order_by("id") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - engagements = Engagement.objects.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)).order_by("id") - return engagements.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return Engagement.objects.filter( + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ).order_by("id") diff --git a/dojo/engagement/services.py b/dojo/engagement/services.py index 18aed9e425b..cd70af1ea2c 100644 --- a/dojo/engagement/services.py +++ b/dojo/engagement/services.py @@ -16,7 +16,7 @@ def close_engagement(eng): eng.save() if jira_helper.get_jira_project(eng): - jira_helper.close_epic(eng, push_to_jira=True) + jira_helper.close_epic(eng.id, push_to_jira=True) def reopen_engagement(eng): diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py index 2eaad662e7a..4eb5398cb61 100644 --- a/dojo/engagement/views.py +++ b/dojo/engagement/views.py @@ -73,6 +73,8 @@ ) from dojo.importers.base_importer import BaseImporter from dojo.importers.default_importer import DefaultImporter +from dojo.location.models import Location +from dojo.location.utils import save_locations_to_add from dojo.models import ( Check_List, Cred_Mapping, @@ -390,7 +392,7 @@ def copy_engagement(request, eid): form = DoneForm(request.POST) if form.is_valid(): engagement_copy = engagement.copy() - calculate_grade(product) + calculate_grade(product.id) messages.add_message( request, messages.SUCCESS, @@ -848,11 +850,18 @@ def handle_request( ) # Get the product tab and any additional custom breadcrumbs product_tab, custom_breadcrumb = self.get_product_tab(product, engagement) + + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(products__product_id=product_tab.product.id) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(product__id=product_tab.product.id) + # Get the import form with some initial data in place form = self.get_form( request, environment=environment, - endpoints=Endpoint.objects.filter(product__id=product_tab.product.id), + endpoints=endpoints, api_scan_configuration=Product_API_Scan_Configuration.objects.filter(product__id=product_tab.product.id), ) # Get the credential mapping form @@ -1013,10 +1022,17 @@ def process_form( if close_old_findings_product_scope := form.cleaned_data.get("close_old_findings_product_scope", None): context["close_old_findings_product_scope"] = close_old_findings_product_scope context["close_old_findings"] = True - # Save newly added endpoints - added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, context.get("engagement").product) - endpoints_from_form = list(form.cleaned_data["endpoints"]) - context["endpoints_to_add"] = endpoints_from_form + added_endpoints + if settings.V3_FEATURE_LOCATIONS: + # Save newly added locations + added_locations = save_locations_to_add(form.endpoints_to_add_list) + locations_from_form = [location.url for location in form.cleaned_data["endpoints"]] + context["endpoints_to_add"] = locations_from_form + added_locations + else: + # TODO: Delete this after the move to Locations + # Save newly added endpoints + added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, context.get("engagement").product) + endpoints_from_form = list(form.cleaned_data["endpoints"]) + context["endpoints_to_add"] = endpoints_from_form + added_endpoints # Override the form values of active and verified if activeChoice := form.cleaned_data.get("active", None): if activeChoice == "force_to_true": diff --git a/dojo/filters.py b/dojo/filters.py index 4ae5224dab6..893be4d5a7d 100644 --- a/dojo/filters.py +++ b/dojo/filters.py @@ -38,7 +38,7 @@ # from tagulous.forms import TagWidget # import tagulous from dojo.authorization.roles_permissions import Permissions -from dojo.endpoint.queries import get_authorized_endpoints +from dojo.endpoint.queries import get_authorized_endpoints_for_queryset from dojo.engagement.queries import get_authorized_engagements from dojo.finding.helper import ( ACCEPTED_FINDINGS_QUERY, @@ -52,9 +52,10 @@ VERIFIED_FINDINGS_QUERY, WAS_ACCEPTED_FINDINGS_QUERY, ) -from dojo.finding.queries import get_authorized_findings -from dojo.finding_group.queries import get_authorized_finding_groups +from dojo.finding.queries import get_authorized_findings_for_queryset +from dojo.finding_group.queries import get_authorized_finding_groups_for_queryset from dojo.labels import get_labels +from dojo.location.status import FindingLocationStatus, ProductLocationStatus from dojo.models import ( EFFORT_FOR_FIXING_CHOICES, ENGAGEMENT_STATUS_CHOICES, @@ -522,6 +523,34 @@ def get_finding_filterset_fields(*, metrics=False, similar=False, filter_string_ return fields +def filter_endpoints_base(queryset, name, value, statuses=None, host=None): + """ + Apply `endpoints` filter, and if location_status or host + are present, combine them on the same row. + """ + filters_kwargs = {"locations__location": value} + if statuses: + filters_kwargs["locations__status__in"] = statuses + if host: + filters_kwargs["locations__location__url__host__icontains"] = host + + return queryset.filter(**filters_kwargs) + + +def filter_endpoints_host_base(queryset, name, value, statuses=None, endpoint_id=None): + """ + Apply `endpoints__host` filter, and if endpoints or location_status + are present, combine them on the same row. + """ + filters_kwargs = {"locations__location__url__host__icontains": value} + if endpoint_id: + filters_kwargs["locations__location"] = endpoint_id + if statuses: + filters_kwargs["locations__status__in"] = statuses + + return queryset.filter(**filters_kwargs) + + class FindingTagFilter(DojoFilter): tag = CharFilter( field_name="tags__name", @@ -1359,6 +1388,35 @@ class ProductFilterHelper(FilterSet): not_tag = CharFilter(field_name="tags__name", lookup_expr="icontains", label="Not tag name contains", exclude=True) outside_of_sla = ProductSLAFilter(label="Outside of SLA") has_tags = BooleanFilter(field_name="tags", lookup_expr="isnull", exclude=True, label="Has tags") + if settings.V3_FEATURE_LOCATIONS: + location_status = MultipleChoiceFilter( + field_name="locations__status", + choices=ProductLocationStatus.choices, + help_text="Status of the Location from the Products relationship", + ) + endpoints__host = CharFilter( + field_name="locations__location__url__host", method="filter_endpoints_host", label="Endpoint Host", + ) + endpoints = NumberFilter(field_name="locations__location", method="filter_endpoints", widget=HiddenInput()) + + def filter_endpoints_host(self, queryset, name, value): + return filter_endpoints_host_base( + queryset, + name, + value, + endpoint_id=self.data.get("endpoints"), + statuses=self.data.getlist("location_status"), + ) + + def filter_endpoints(self, queryset, name, value): + return filter_endpoints_base( + queryset, + name, + value, + statuses=self.data.getlist("location_status"), + host=self.data.get("endpoints__host"), + ) + o = OrderingFilter( # tuple-mapping retains order fields=( @@ -1447,6 +1505,13 @@ class Meta: class ApiDojoMetaFilter(DojoFilter): name_case_insensitive = CharFilter(field_name="name", lookup_expr="iexact") value_case_insensitive = CharFilter(field_name="value", lookup_expr="iexact") + endpoint = NumberFilter(field_name="location__products__id", lookup_expr="exact") + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + self.filters["endpoint"] = NumberFilter(field_name="endpoint", lookup_expr="exact") class Meta: model = DojoMeta @@ -1454,6 +1519,7 @@ class Meta: "id", "product", "endpoint", + "location", "finding", "name", "value", @@ -1773,18 +1839,48 @@ class FindingFilterHelper(FilterSet): param = CharFilter(lookup_expr="icontains") payload = CharFilter(lookup_expr="icontains") test__test_type = ModelMultipleChoiceFilter(queryset=Test_Type.objects.all(), label="Test Type") - endpoints__host = CharFilter(lookup_expr="icontains", label="Endpoint Host") service = CharFilter(lookup_expr="icontains") test__engagement__version = CharFilter(lookup_expr="icontains", label="Engagement Version") test__version = CharFilter(lookup_expr="icontains", label="Test Version") risk_acceptance = ReportRiskAcceptanceFilter(label="Risk Accepted") effort_for_fixing = MultipleChoiceFilter(choices=EFFORT_FOR_FIXING_CHOICES) test_import_finding_action__test_import = NumberFilter(widget=HiddenInput()) - endpoints = NumberFilter(widget=HiddenInput()) status = FindingStatusFilter(label="Status") test__engagement__product__lifecycle = MultipleChoiceFilter( choices=Product.LIFECYCLE_CHOICES, label=labels.ASSET_LIFECYCLE_LABEL) + if settings.V3_FEATURE_LOCATIONS: + location_status = MultipleChoiceFilter( + field_name="locations__status", + choices=FindingLocationStatus.choices, + help_text="Status of the Location from the Findings relationship", + ) + endpoints__host = CharFilter( + field_name="locations__location__url__host", method="filter_endpoints_host", label="Endpoint Host", + ) + endpoints = NumberFilter(field_name="locations__location", method="filter_endpoints", widget=HiddenInput()) + + def filter_endpoints_host(self, queryset, name, value): + return filter_endpoints_host_base( + queryset, + name, + value, + endpoint_id=self.data.get("endpoints"), + statuses=self.data.getlist("location_status"), + ) + + def filter_endpoints(self, queryset, name, value): + return filter_endpoints_base( + queryset, + name, + value, + statuses=self.data.getlist("location_status"), + host=self.data.get("endpoints__host"), + ) + else: + # TODO: Delete this after the move to Locations + endpoints__host = CharFilter(lookup_expr="icontains", label="Endpoint Host") + endpoints = NumberFilter(widget=HiddenInput()) has_component = BooleanFilter( field_name="component_name", @@ -1889,6 +1985,8 @@ class FindingFilterHelper(FilterSet): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) + if "test__test_type" in self.form.fields: + self.form.fields["test__test_type"].queryset = get_visible_scan_types() def set_date_fields(self, *args: list, **kwargs: dict): date_input_widget = forms.DateInput(attrs={"class": "datepicker", "placeholder": "YYYY-MM-DD"}, format="%Y-%m-%d") @@ -2023,9 +2121,6 @@ def __init__(self, *args, **kwargs): del self.form.fields["test__engagement__product__name_contains"] del self.form.fields["test__engagement__product__prod_type__name"] del self.form.fields["test__engagement__product__prod_type__name_contains"] - else: - del self.form.fields["test__name"] - del self.form.fields["test__name_contains"] class FindingFilter(FindingFilterHelper, FindingTagFilter): @@ -2075,9 +2170,6 @@ def __init__(self, *args, **kwargs): # Don't show the product filter on the product finding view self.set_related_object_fields(*args, **kwargs) - if "test__test_type" in self.form.fields: - self.form.fields["test__test_type"].queryset = get_visible_scan_types() - def set_related_object_fields(self, *args: list, **kwargs: dict): finding_group_query = Finding_Group.objects.all() if self.pid is not None: @@ -2098,7 +2190,7 @@ def set_related_object_fields(self, *args: list, **kwargs: dict): if self.form.fields.get("test__engagement__product"): self.form.fields["test__engagement__product"].queryset = get_authorized_products(Permissions.Product_View) if self.form.fields.get("finding_group", None): - self.form.fields["finding_group"].queryset = get_authorized_finding_groups(Permissions.Finding_Group_View, queryset=finding_group_query) + self.form.fields["finding_group"].queryset = get_authorized_finding_groups_for_queryset(Permissions.Finding_Group_View, finding_group_query) self.form.fields["reporter"].queryset = get_authorized_users(Permissions.Finding_View) self.form.fields["reviewers"].queryset = self.form.fields["reporter"].queryset @@ -2205,7 +2297,7 @@ def set_hash_codes(self, *args: list, **kwargs: dict): def filter_queryset(self, *args: list, **kwargs: dict): queryset = super().filter_queryset(*args, **kwargs) - queryset = get_authorized_findings(Permissions.Finding_View, queryset, self.user) + queryset = get_authorized_findings_for_queryset(Permissions.Finding_View, queryset, self.user) return queryset.exclude(pk=self.finding.pk) @@ -2751,7 +2843,7 @@ def __init__(self, *args, **kwargs): @property def qs(self): parent = super().qs - return get_authorized_endpoints(Permissions.Endpoint_View, parent) + return get_authorized_endpoints_for_queryset(Permissions.Location_View, parent) class Meta: model = Endpoint @@ -2892,7 +2984,7 @@ def __init__(self, *args, **kwargs): @property def qs(self): parent = super().qs - return get_authorized_endpoints(Permissions.Endpoint_View, parent) + return get_authorized_endpoints_for_queryset(Permissions.Location_View, parent) class Meta: model = Endpoint @@ -3240,7 +3332,7 @@ def manage_kwargs(self, kwargs): @property def qs(self): parent = super().qs - return get_authorized_findings(Permissions.Finding_View, parent) + return get_authorized_findings_for_queryset(Permissions.Finding_View, parent) class ReportFindingFilter(ReportFindingFilterHelper, FindingTagFilter): @@ -3260,7 +3352,7 @@ def __init__(self, *args, **kwargs): # duplicate_finding queryset needs to restricted in line with permissions # and inline with report scope to avoid a dropdown with 100K entries duplicate_finding_query_set = self.form.fields["duplicate_finding"].queryset - duplicate_finding_query_set = get_authorized_findings(Permissions.Finding_View, duplicate_finding_query_set) + duplicate_finding_query_set = get_authorized_findings_for_queryset(Permissions.Finding_View, duplicate_finding_query_set) if self.test: duplicate_finding_query_set = duplicate_finding_query_set.filter(test=self.test) diff --git a/dojo/finding/deduplication.py b/dojo/finding/deduplication.py index fea6a83d584..54517108f25 100644 --- a/dojo/finding/deduplication.py +++ b/dojo/finding/deduplication.py @@ -8,7 +8,7 @@ from django.db.models.query_utils import Q from dojo.celery import app -from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id +from dojo.decorators import dojo_async_task from dojo.models import Finding, System_Settings logger = logging.getLogger(__name__) @@ -45,12 +45,10 @@ def get_finding_models_for_deduplication(finding_ids): ) -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id -def do_dedupe_finding_task(new_finding, *args, **kwargs): - return do_dedupe_finding(new_finding, *args, **kwargs) +def do_dedupe_finding_task(new_finding_id, *args, **kwargs): + return do_dedupe_finding_task_internal(Finding.objects.get(id=new_finding_id), *args, **kwargs) @dojo_async_task @@ -71,7 +69,7 @@ def do_dedupe_batch_task(finding_ids, *args, **kwargs): dedupe_batch_of_findings(findings) -def do_dedupe_finding(new_finding, *args, **kwargs): +def do_dedupe_finding_task_internal(new_finding, *args, **kwargs): from dojo.utils import get_custom_method # noqa: PLC0415 -- circular import if dedupe_method := get_custom_method("FINDING_DEDUPE_METHOD"): return dedupe_method(new_finding, *args, **kwargs) @@ -158,9 +156,9 @@ def set_duplicate(new_finding, existing_finding): # existing_finding.found_by.add(new_finding.test.test_type) logger.debug("saving new finding: %d", new_finding.id) - super(Finding, new_finding).save() + super(Finding, new_finding).save(skip_validation=True) logger.debug("saving existing finding: %d", existing_finding.id) - super(Finding, existing_finding).save() + super(Finding, existing_finding).save(skip_validation=True) def is_duplicate_reopen(new_finding, existing_finding) -> bool: @@ -210,12 +208,48 @@ def are_urls_equal(url1, url2, fields): return True -def are_endpoints_duplicates(new_finding, to_duplicate_finding): +def finding_locations(finding): + return [ref.location.url for ref in finding.locations.all()] + + +def are_location_urls_equal(url1, url2, fields): + deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) + for field in fields: + if (field == "scheme" and url1.protocol != url2.protocol) or (field == "host" and url1.host != url2.host): + return False + if (field == "port" and url1.port != url2.port) or (field == "path" and url1.path != url2.path) or ( + field == "query" and url1.query != url2.query) or ( + field == "fragment" and url1.fragment != url2.fragment) or ( + field == "userinfo" and url1.user_info != url2.user_info): + return False + return True + + +def are_locations_duplicates(new_finding, to_duplicate_finding): fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS if len(fields) == 0: deduplicationLogger.debug("deduplication by endpoint fields is disabled") return True + if settings.V3_FEATURE_LOCATIONS: + list1 = finding_locations(new_finding) + list2 = finding_locations(to_duplicate_finding) + + deduplicationLogger.debug( + f"Starting deduplication by location fields for finding {new_finding.id} with locations {list1} and finding {to_duplicate_finding.id} with locations {list2}", + ) + + if list1 == [] and list2 == []: + return True + + for l1 in list1: + for l2 in list2: + if are_location_urls_equal(l1, l2, fields): + return True + + deduplicationLogger.debug(f"locations are not duplicates: {new_finding.id} and {to_duplicate_finding.id}") + return False + # TODO: Delete this after the move to Locations list1 = get_endpoints_as_url(new_finding) list2 = get_endpoints_as_url(to_duplicate_finding) @@ -473,7 +507,7 @@ def get_matches_from_hash_candidates(new_finding, candidates_by_hash) -> Iterato if is_deduplication_on_engagement_mismatch(new_finding, candidate): deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") continue - if are_endpoints_duplicates(new_finding, candidate): + if are_locations_duplicates(new_finding, candidate): yield candidate @@ -509,11 +543,11 @@ def get_matches_from_uid_or_hash_candidates(new_finding, candidates_by_uid, cand if is_deduplication_on_engagement_mismatch(new_finding, candidate): deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") continue - if are_endpoints_duplicates(new_finding, candidate): - deduplicationLogger.debug("UID_OR_HASH: endpoints match, returning candidate %s with test_type %s unique_id_from_tool %s hash_code %s", candidate.id, candidate.test.test_type, candidate.unique_id_from_tool, candidate.hash_code) + if are_locations_duplicates(new_finding, candidate): + deduplicationLogger.debug("UID_OR_HASH: locations match, returning candidate %s with test_type %s unique_id_from_tool %s hash_code %s", candidate.id, candidate.test.test_type, candidate.unique_id_from_tool, candidate.hash_code) yield candidate else: - deduplicationLogger.debug("UID_OR_HASH: endpoints mismatch, skipping candidate %s", candidate.id) + deduplicationLogger.debug("UID_OR_HASH: locations mismatch, skipping candidate %s", candidate.id) def get_matches_from_legacy_candidates(new_finding, candidates_by_title, candidates_by_cwe) -> Iterator[Finding]: @@ -534,46 +568,86 @@ def get_matches_from_legacy_candidates(new_finding, candidates_by_title, candida if not _is_candidate_older(new_finding, candidate): continue if is_deduplication_on_engagement_mismatch(new_finding, candidate): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") continue - flag_endpoints = False - flag_line_path = False - - # --------------------------------------------------------- - # 2) If existing and new findings have endpoints: compare them all - # Else look at line+file_path - # (if new finding is not static, do not deduplicate) - # --------------------------------------------------------- - - if candidate.endpoints.count() != 0 and new_finding.endpoints.count() != 0: - list1 = [str(e) for e in new_finding.endpoints.all()] - list2 = [str(e) for e in candidate.endpoints.all()] - if all(x in list1 for x in list2): - deduplicationLogger.debug("%s: existing endpoints are present in new finding", candidate.id) - flag_endpoints = True - elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: - if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: - deduplicationLogger.debug("%s: file_path and line match", candidate.id) - flag_line_path = True + if settings.V3_FEATURE_LOCATIONS: + flag_locations = False + flag_line_path = False + + # --------------------------------------------------------- + # 2) If existing and new findings have locations: compare them all + # Else look at line+file_path + # (if new finding is not static, do not deduplicate) + # --------------------------------------------------------- + + if candidate.locations.count() != 0 and new_finding.locations.count() != 0: + list1 = [ref.location.location_value for ref in new_finding.locations.all()] + list2 = [ref.location.location_value for ref in candidate.locations.all()] + if all(x in list1 for x in list2): + deduplicationLogger.debug("%s: existing locations are present in new finding", candidate.id) + flag_locations = True + elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: + if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: + deduplicationLogger.debug("%s: file_path and line match", candidate.id) + flag_line_path = True + else: + deduplicationLogger.debug( + "no locations on one of the findings and file_path doesn't match; Deduplication will not occur") else: - deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") + deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) + deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) + deduplicationLogger.debug("find.file_path: %s", candidate.file_path) + deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) + deduplicationLogger.debug( + "no locations on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") + + flag_hash = candidate.hash_code == new_finding.hash_code + + deduplicationLogger.debug( + "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) + + " flag_locations: " + str(flag_locations) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) + + if (flag_locations or flag_line_path) and flag_hash: + yield candidate else: - deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) - deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) - deduplicationLogger.debug("find.file_path: %s", candidate.file_path) - deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) - deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") + # TODO: Delete this after the move to Locations + flag_endpoints = False + flag_line_path = False + + # --------------------------------------------------------- + # 2) If existing and new findings have endpoints: compare them all + # Else look at line+file_path + # (if new finding is not static, do not deduplicate) + # --------------------------------------------------------- + + if candidate.endpoints.count() != 0 and new_finding.endpoints.count() != 0: + list1 = [str(e) for e in new_finding.endpoints.all()] + list2 = [str(e) for e in candidate.endpoints.all()] + if all(x in list1 for x in list2): + deduplicationLogger.debug("%s: existing endpoints are present in new finding", candidate.id) + flag_endpoints = True + elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: + if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: + deduplicationLogger.debug("%s: file_path and line match", candidate.id) + flag_line_path = True + else: + deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") + else: + deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) + deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) + deduplicationLogger.debug("find.file_path: %s", candidate.file_path) + deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) + deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") - flag_hash = candidate.hash_code == new_finding.hash_code + flag_hash = candidate.hash_code == new_finding.hash_code - deduplicationLogger.debug( - "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) - + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) + deduplicationLogger.debug( + "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) + + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) - if (flag_endpoints or flag_line_path) and flag_hash: - yield candidate + if (flag_endpoints or flag_line_path) and flag_hash: + yield candidate def _dedupe_batch_hash_code(findings): diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index 8b829455d21..51c65553742 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -16,14 +16,17 @@ import dojo.jira_link.helper as jira_helper import dojo.risk_acceptance.helper as ra_helper from dojo.celery import app -from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id +from dojo.decorators import dojo_async_task from dojo.endpoint.utils import endpoint_get_or_create, save_endpoints_to_add from dojo.file_uploads.helper import delete_related_files from dojo.finding.deduplication import ( dedupe_batch_of_findings, - do_dedupe_finding, + do_dedupe_finding_task_internal, get_finding_models_for_deduplication, ) +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus +from dojo.location.utils import save_locations_to_add from dojo.models import ( Endpoint, Endpoint_Status, @@ -38,11 +41,13 @@ from dojo.notes.helper import delete_related_notes from dojo.notifications.helper import create_notification from dojo.tools import tool_issue_updater +from dojo.url.models import URL from dojo.utils import ( calculate_grade, close_external_issue, do_false_positive_history, get_current_user, + get_object_or_none, mass_model_updater, to_str_typed, ) @@ -390,27 +395,14 @@ def add_findings_to_auto_group(name, findings, group_by, *, create_finding_group finding_group.findings.add(*findings) -@dojo_model_to_id -@dojo_async_task(signature=True) -@app.task -@dojo_model_from_id -def post_process_finding_save_signature(finding, dedupe_option=True, rules_option=True, product_grading_option=True, # noqa: FBT002 - issue_updater_option=True, push_to_jira=False, user=None, *args, **kwargs): # noqa: FBT002 - this is bit hard to fix nice have this universally fixed - """ - Returns a task signature for post-processing a finding. This is useful for creating task signatures - that can be used in chords or groups or to await results. We need this extra method because of our dojo_async decorator. - If we use more of these celery features, we should probably move away from that decorator. - """ - return post_process_finding_save_internal(finding, dedupe_option, rules_option, product_grading_option, - issue_updater_option, push_to_jira, user, *args, **kwargs) - - -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id -def post_process_finding_save(finding, dedupe_option=True, rules_option=True, product_grading_option=True, # noqa: FBT002 +def post_process_finding_save(finding_id, dedupe_option=True, rules_option=True, product_grading_option=True, # noqa: FBT002 issue_updater_option=True, push_to_jira=False, user=None, *args, **kwargs): # noqa: FBT002 - this is bit hard to fix nice have this universally fixed + finding = get_object_or_none(Finding, id=finding_id) + if not finding: + logger.warning("Finding with id %s does not exist, skipping post_process_finding_save", finding_id) + return None return post_process_finding_save_internal(finding, dedupe_option, rules_option, product_grading_option, issue_updater_option, push_to_jira, user, *args, **kwargs) @@ -429,7 +421,7 @@ def post_process_finding_save_internal(finding, dedupe_option=True, rules_option if dedupe_option: if finding.hash_code is not None: if system_settings.enable_deduplication: - do_dedupe_finding(finding, *args, **kwargs) + do_dedupe_finding_task_internal(finding, *args, **kwargs) else: deduplicationLogger.debug("skipping dedupe because it's disabled in system settings") else: @@ -448,7 +440,7 @@ def post_process_finding_save_internal(finding, dedupe_option=True, rules_option if product_grading_option: if system_settings.enable_product_grade: - calculate_grade(finding.test.engagement.product) + calculate_grade(finding.test.engagement.product.id) else: deduplicationLogger.debug("skipping product grading because it's disabled in system settings") @@ -465,14 +457,6 @@ def post_process_finding_save_internal(finding, dedupe_option=True, rules_option jira_helper.push_to_jira(finding.finding_group) -@dojo_async_task(signature=True) -@app.task -def post_process_findings_batch_signature(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, - issue_updater_option=True, push_to_jira=False, user=None, **kwargs): - return post_process_findings_batch(finding_ids, *args, dedupe_option=dedupe_option, rules_option=rules_option, product_grading_option=product_grading_option, issue_updater_option=issue_updater_option, push_to_jira=push_to_jira, user=user, **kwargs) - # Pass arguments as keyword arguments to ensure Celery properly serializes them - - @dojo_async_task @app.task def post_process_findings_batch(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, @@ -516,7 +500,7 @@ def post_process_findings_batch(finding_ids, *args, dedupe_option=True, rules_op tool_issue_updater.async_tool_issue_update(finding) if product_grading_option and system_settings.enable_product_grade: - calculate_grade(findings[0].test.engagement.product) + calculate_grade(findings[0].test.engagement.product.id) if push_to_jira: for finding in findings: @@ -715,7 +699,7 @@ def fix_loop_duplicates(): for f in new_originals: deduplicationLogger.info(f"New Original: {f.id}") f.duplicate = False - super(Finding, f).save() + super(Finding, f).save(skip_validation=True) loop_count = Finding.objects.filter(duplicate_finding__isnull=False, original_finding__isnull=False).count() deduplicationLogger.info(f"{loop_count} Finding found which still has Loops, please run fix loop duplicates again") @@ -736,7 +720,7 @@ def removeLoop(finding_id, counter): # loop fully removed finding.duplicate_finding = None # duplicate remains True, will be set to False in fix_loop_duplicates (and logged as New Original?). - super(Finding, finding).save() + super(Finding, finding).save(skip_validation=True) return # Only modify the findings if the original ID is lower to get the oldest finding as original @@ -750,31 +734,53 @@ def removeLoop(finding_id, counter): if real_original in finding.original_finding.all(): # remove the original from the duplicate list if it is there finding.original_finding.remove(real_original) - super(Finding, finding).save() + super(Finding, finding).save(skip_validation=True) if counter <= 0: # Maximum recursion depth as safety method to circumvent recursion here return for f in finding.original_finding.all(): # for all duplicates set the original as their original, get rid of self in between f.duplicate_finding = real_original - super(Finding, f).save() - super(Finding, real_original).save() + super(Finding, f).save(skip_validation=True) + super(Finding, real_original).save(skip_validation=True) removeLoop(f.id, counter - 1) -def add_endpoints(new_finding, form): - added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, new_finding.test.engagement.product) - endpoint_ids = [endpoint.id for endpoint in added_endpoints] +def add_locations(finding, form): + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + added_endpoints = save_endpoints_to_add(form.endpoints_to_add_list, finding.test.engagement.product) + endpoint_ids = [endpoint.id for endpoint in added_endpoints] + + # Merge form endpoints with existing endpoints (don't replace) + form_endpoints = form.cleaned_data.get("endpoints", Endpoint.objects.none()) + new_endpoints = Endpoint.objects.filter(id__in=endpoint_ids) + finding.endpoints.set(form_endpoints | new_endpoints | finding.endpoints.all()) - # Merge form endpoints with existing endpoints (don't replace) - form_endpoints = form.cleaned_data.get("endpoints", Endpoint.objects.none()) - new_endpoints = Endpoint.objects.filter(id__in=endpoint_ids) - new_finding.endpoints.set(form_endpoints | new_endpoints | new_finding.endpoints.all()) + for endpoint in finding.endpoints.all(): + _eps, _created = Endpoint_Status.objects.get_or_create( + finding=finding, + endpoint=endpoint, defaults={"date": form.cleaned_data["date"] or timezone.now()}) - for endpoint in new_finding.endpoints.all(): - _eps, _created = Endpoint_Status.objects.get_or_create( - finding=new_finding, - endpoint=endpoint, defaults={"date": form.cleaned_data["date"] or timezone.now()}) + return set(finding.endpoints.all()) + + added_locations = save_locations_to_add(form.endpoints_to_add_list) + location_ids = [abstract_location.location.id for abstract_location in added_locations] + + new_locations = Location.objects.filter(id__in=location_ids) + form_locations = form.cleaned_data.get("endpoints", Location.objects.none()) + + if date := form.cleaned_data.get("date"): + audit_time = timezone.make_aware(datetime(date.year, date.month, date.day)) + else: + audit_time = timezone.now() + + locations_to_associate = (form_locations | new_locations).distinct() + + for location in locations_to_associate: + location.associate_with_finding(finding, audit_time=audit_time) + + return set(locations_to_associate) def sanitize_vulnerability_ids(vulnerability_ids) -> None: @@ -934,21 +940,26 @@ def get_value(field_name, default=None): product = finding.test.engagement.product for endpoint_url in endpoint_urls: try: - endpoint = Endpoint.from_uri(endpoint_url) - ep, _ = endpoint_get_or_create( - protocol=endpoint.protocol, - host=endpoint.host, - port=endpoint.port, - path=endpoint.path, - query=endpoint.query, - fragment=endpoint.fragment, - product=product, - ) - Endpoint_Status.objects.get_or_create( - finding=finding, - endpoint=ep, - defaults={"date": finding.date or timezone.now()}, - ) + if settings.V3_FEATURE_LOCATIONS: + saved_url = URL.create_location_from_value(endpoint_url) + saved_url.location.associate_with_finding(finding) + else: + # TODO: Delete this after the move to Locations + endpoint = Endpoint.from_uri(endpoint_url) + ep, _ = endpoint_get_or_create( + protocol=endpoint.protocol, + host=endpoint.host, + port=endpoint.port, + path=endpoint.path, + query=endpoint.query, + fragment=endpoint.fragment, + product=product, + ) + Endpoint_Status.objects.get_or_create( + finding=finding, + endpoint=ep, + defaults={"date": finding.date or timezone.now()}, + ) except Exception as e: logger.warning(f"Failed to parse endpoint URL '{endpoint_url}': {e}") @@ -1026,19 +1037,25 @@ def close_finding( ) finding.notes.add(new_note) - # Endpoint statuses - for status in finding.status_finding.all(): - status.mitigated_by = finding.mitigated_by - status.mitigated_time = mitigated_date - status.mitigated = True - status.last_modified = current_time - status.save() + if settings.V3_FEATURE_LOCATIONS: + # Related locations + for ref in finding.locations.all(): + ref.set_status(FindingLocationStatus.Mitigated, finding.mitigated_by, mitigated_date) + else: + # TODO: Delete this after the move to Locations + # Endpoint statuses + for status in finding.status_finding.all(): + status.mitigated_by = finding.mitigated_by + status.mitigated_time = mitigated_date + status.mitigated = True + status.last_modified = current_time + status.save() # Risk acceptance ra_helper.risk_unaccept(user, finding, perform_save=False) # External issues (best effort) - close_external_issue(finding, "Closed by defectdojo", "github") + close_external_issue(finding.id, "Closed by defectdojo", "github") # JIRA sync push_to_jira = False diff --git a/dojo/finding/queries.py b/dojo/finding/queries.py index 5d186fdd2a5..7044f3347ec 100644 --- a/dojo/finding/queries.py +++ b/dojo/finding/queries.py @@ -1,12 +1,14 @@ import logging -from functools import partial from crum import get_current_user -from django.db.models import Exists, OuterRef, Q, Value -from django.db.models.functions import Coalesce +from django.conf import settings +from django.db.models import Case, CharField, Count, Exists, F, Q, Subquery, Value, When +from django.db.models.functions import Concat from django.db.models.query import Prefetch, QuerySet from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission +from dojo.location.models import LocationFindingReference +from dojo.location.status import FindingLocationStatus from dojo.models import ( IMPORT_UNTOUCHED_FINDING, Endpoint_Status, @@ -19,39 +21,57 @@ Test_Import_Finding_Action, Vulnerability_Id, ) -from dojo.query_utils import build_count_subquery +from dojo.request_cache import cache_for_request logger = logging.getLogger(__name__) -def get_authorized_groups(permission, user=None): +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request +def get_authorized_findings(permission, user=None): + """Cached - returns all findings the user is authorized to see.""" + if user is None: + user = get_current_user() + if user is None: + return Finding.objects.none() + findings = Finding.objects.all().order_by("id") + + if user.is_superuser: + return findings + + if user_has_global_permission(user, permission): + return findings + roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("test__engagement__product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("test__engagement__product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("test__engagement__product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("test__engagement__product_id"), - group__users=user, - role__in=roles) - - return ( - authorized_product_type_roles, - authorized_product_roles, - authorized_product_type_groups, - authorized_product_groups, + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return findings.filter( + Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_groups)), ) -def get_authorized_findings(permission, queryset=None, user=None): +def get_authorized_findings_for_queryset(permission, queryset, user=None): + """Filters a provided queryset for authorization. Not cached due to dynamic queryset parameter.""" if user is None: user = get_current_user() if user is None: @@ -64,25 +84,36 @@ def get_authorized_findings(permission, queryset=None, user=None): if user_has_global_permission(user, permission): return findings - ( - authorized_product_type_roles, - authorized_product_roles, - authorized_product_type_groups, - authorized_product_groups, - ) = get_authorized_groups(permission, user=user) - - findings = findings.annotate( - test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), - test__engagement__product__member=Exists(authorized_product_roles), - test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups), - test__engagement__product__authorized_group=Exists(authorized_product_groups)) + roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed return findings.filter( - Q(test__engagement__product__prod_type__member=True) - | Q(test__engagement__product__member=True) - | Q(test__engagement__product__prod_type__authorized_group=True) - | Q(test__engagement__product__authorized_group=True)) + Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_groups)), + ) +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_stub_findings(permission): user = get_current_user() @@ -95,34 +126,45 @@ def get_authorized_stub_findings(permission): if user_has_global_permission(user, permission): return Stub_Finding.objects.all().order_by("id") - ( - authorized_product_type_roles, - authorized_product_roles, - authorized_product_type_groups, - authorized_product_groups, - ) = get_authorized_groups(permission, user=user) - - findings = Stub_Finding.objects.annotate( - test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), - test__engagement__product__member=Exists(authorized_product_roles), - test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups), - test__engagement__product__authorized_group=Exists(authorized_product_groups)).order_by("id") - return findings.filter( - Q(test__engagement__product__prod_type__member=True) - | Q(test__engagement__product__member=True) - | Q(test__engagement__product__prod_type__authorized_group=True) - | Q(test__engagement__product__authorized_group=True)) + roles = get_roles_for_permission(permission) + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") -def get_authorized_vulnerability_ids(permission, queryset=None, user=None): + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return Stub_Finding.objects.filter( + Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_groups)), + ).order_by("id") + + +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request +def get_authorized_vulnerability_ids(permission, user=None): + """Cached - returns all vulnerability IDs the user is authorized to see.""" if user is None: user = get_current_user() if user is None: return Vulnerability_Id.objects.none() - vulnerability_ids = Vulnerability_Id.objects.all() if queryset is None else queryset + vulnerability_ids = Vulnerability_Id.objects.all() if user.is_superuser: return vulnerability_ids @@ -131,32 +173,73 @@ def get_authorized_vulnerability_ids(permission, queryset=None, user=None): return vulnerability_ids roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("finding__test__engagement__product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("finding__test__engagement__product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("finding__test__engagement__product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("finding__test__engagement__product_id"), - group__users=user, - role__in=roles) - vulnerability_ids = vulnerability_ids.annotate( - finding__test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), - finding__test__engagement__product__member=Exists(authorized_product_roles), - finding__test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups), - finding__test__engagement__product__authorized_group=Exists(authorized_product_groups)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed return vulnerability_ids.filter( - Q(finding__test__engagement__product__prod_type__member=True) - | Q(finding__test__engagement__product__member=True) - | Q(finding__test__engagement__product__prod_type__authorized_group=True) - | Q(finding__test__engagement__product__authorized_group=True)) + Q(finding__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(finding__test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(finding__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(finding__test__engagement__product_id__in=Subquery(authorized_product_groups)), + ) + + +def get_authorized_vulnerability_ids_for_queryset(permission, queryset, user=None): + """Filters a provided queryset for authorization. Not cached due to dynamic queryset parameter.""" + if user is None: + user = get_current_user() + + if user is None: + return Vulnerability_Id.objects.none() + + if user.is_superuser: + return queryset + + if user_has_global_permission(user, permission): + return queryset + + roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return queryset.filter( + Q(finding__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(finding__test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(finding__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(finding__test__engagement__product_id__in=Subquery(authorized_product_groups)), + ) def prefetch_for_findings(findings, prefetch_type="all", *, exclude_untouched=True): @@ -204,23 +287,110 @@ def prefetch_for_findings(findings, prefetch_type="all", *, exclude_untouched=Tr else: prefetched_findings = prefetched_findings.prefetch_related("test_import_finding_action_set") - # Standard prefetches - prefetched_findings = prefetched_findings.prefetch_related( - "notes", - "tags", - "endpoints", - "status_finding", - "finding_group_set", - "finding_group_set__jira_issue", # Include both variants - "test__engagement__product__members", - "test__engagement__product__prod_type__members", - "vulnerability_id_set", - ) - # Endpoint counts using optimized subqueries - base_status = Endpoint_Status.objects.filter(finding_id=OuterRef("pk")) - count_subquery = partial(build_count_subquery, group_field="finding_id") - return prefetched_findings.annotate( - active_endpoint_count=Coalesce(count_subquery(base_status.filter(mitigated=False)), Value(0)), - mitigated_endpoint_count=Coalesce(count_subquery(base_status.filter(mitigated=True)), Value(0)), - ) + if settings.V3_FEATURE_LOCATIONS: + # Standard prefetches + prefetched_findings = prefetched_findings.prefetch_related( + "notes", + "tags", + "locations__location__url", + "status_finding", + "finding_group_set", + "finding_group_set__jira_issue", # Include both variants + "test__engagement__product__members", + "test__engagement__product__prod_type__members", + "vulnerability_id_set", + ) + base_status = LocationFindingReference.objects.prefetch_related("location__url").all() + prefetched_findings = prefetched_findings.annotate( + has_endpoints=Exists(base_status), + active_endpoint_count=Count( + "locations", + filter=Q(locations__status=FindingLocationStatus.Active), + distinct=True, + ), + mitigated_endpoint_count=Count( + "locations", + filter=(~Q(locations__status=FindingLocationStatus.Active)), + distinct=True, + ), + ).prefetch_related( + Prefetch( + "locations", + queryset=base_status.filter(status=FindingLocationStatus.Active).annotate(is_broken=F("location__url__host_validation_failure"), object_id=F("location__id")).order_by("audit_time"), + to_attr="active_endpoints", + ), + Prefetch( + "locations", + queryset=base_status.filter(~Q(status=FindingLocationStatus.Active)).annotate(is_broken=F("location__url__host_validation_failure"), object_id=F("location__id")).order_by("audit_time"), + to_attr="mitigated_endpoints", + ), + ) + else: + # Standard prefetches + prefetched_findings = prefetched_findings.prefetch_related( + "notes", + "tags", + "endpoints", + "status_finding", + "finding_group_set", + "finding_group_set__jira_issue", # Include both variants + "test__engagement__product__members", + "test__engagement__product__prod_type__members", + "vulnerability_id_set", + ) + base_status = Endpoint_Status.objects.prefetch_related("endpoint") + status = Case( + When( + Q(false_positive=True) | Q(risk_accepted=True) | Q(out_of_scope=True) | Q(mitigated=True), + then=Concat( + Case(When(false_positive=True, then=Value("False Positive, ")), default=Value("")), + Case(When(risk_accepted=True, then=Value("Risk Accepted, ")), default=Value("")), + Case(When(out_of_scope=True, then=Value("Out of Scope, ")), default=Value("")), + Case(When(mitigated=True, then=Value("Mitigated, ")), default=Value("")), + output_field=CharField(), + ), + ), + default=Value("Active"), + output_field=CharField(), + ) + prefetched_findings = prefetched_findings.annotate( + has_endpoints=Exists(base_status), + active_endpoint_count=Count( + "status_finding", + filter=Q( + status_finding__mitigated=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False, + ), + distinct=True, + ), + mitigated_endpoint_count=Count( + "status_finding", + filter=( + Q(status_finding__mitigated=True) + | Q(status_finding__false_positive=True) + | Q(status_finding__out_of_scope=True) + | Q(status_finding__risk_accepted=True) + ), + distinct=True, + ), + ).prefetch_related( + Prefetch( + "status_finding", + queryset=base_status.filter( + mitigated=False, false_positive=False, out_of_scope=False, risk_accepted=False, + ).annotate(status=status, object_id=F("endpoint__id")).order_by("last_modified"), + to_attr="active_endpoints", + ), + Prefetch( + "status_finding", + queryset=base_status.filter( + Q(mitigated=True) | Q(false_positive=True) | Q(out_of_scope=True) | Q(risk_accepted=True), + ).annotate(status=status, object_id=F("endpoint__id")).order_by("mitigated_time"), + to_attr="mitigated_endpoints", + ), + ) + + return prefetched_findings diff --git a/dojo/finding/views.py b/dojo/finding/views.py index 06340bf8640..3269f92902a 100644 --- a/dojo/finding/views.py +++ b/dojo/finding/views.py @@ -49,7 +49,7 @@ TestImportFilter, TestImportFindingActionFilter, ) -from dojo.finding.queries import get_authorized_findings, prefetch_for_findings +from dojo.finding.queries import get_authorized_findings, get_authorized_findings_for_queryset, prefetch_for_findings from dojo.forms import ( ApplyFindingTemplateForm, ClearFindingReviewForm, @@ -72,6 +72,7 @@ StubFindingForm, TypedNoteForm, ) +from dojo.location.status import FindingLocationStatus from dojo.models import ( IMPORT_UNTOUCHED_FINDING, BurpRawRequestResponse, @@ -428,7 +429,7 @@ def get(self, request: HttpRequest, product_id: int | None = None, engagement_id class ViewFinding(View): def get_finding(self, finding_id: int): - finding_qs = prefetch_for_findings(Finding.objects.all(), exclude_untouched=False) + finding_qs = prefetch_for_findings(Finding.objects.filter(id=finding_id), exclude_untouched=False) return get_object_or_404(finding_qs, id=finding_id) def get_dojo_user(self, request: HttpRequest): @@ -853,17 +854,27 @@ def process_mitigated_data(self, request: HttpRequest, finding: Finding, context ) and context["form"]["duplicate"].value() is False): now = timezone.now() finding.is_mitigated = True - endpoint_status = finding.status_finding.all() - for status in endpoint_status: - status.mitigated_by = ( - context["form"].cleaned_data.get("mitigated_by") or request.user - ) - status.mitigated_time = ( - context["form"].cleaned_data.get("mitigated") or now - ) - status.mitigated = True - status.last_modified = timezone.now() - status.save() + + if settings.V3_FEATURE_LOCATIONS: + for ref in finding.locations.all(): + ref.set_status( + FindingLocationStatus.Mitigated, + context["form"].cleaned_data.get("mitigated_by") or request.user, + context["form"].cleaned_data.get("mitigated") or now, + ) + else: + # TODO: Delete this after the move to Locations + endpoint_status = finding.status_finding.all() + for status in endpoint_status: + status.mitigated_by = ( + context["form"].cleaned_data.get("mitigated_by") or request.user + ) + status.mitigated_time = ( + context["form"].cleaned_data.get("mitigated") or now + ) + status.mitigated = True + status.last_modified = timezone.now() + status.save() def process_false_positive_history(self, finding: Finding): if get_system_setting("false_positive_history", False): @@ -920,13 +931,19 @@ def process_finding_form(self, request: HttpRequest, finding: Finding, context: ra_helper.simple_risk_accept(request.user, new_finding, perform_save=False) elif new_finding.risk_accepted: ra_helper.risk_unaccept(request.user, new_finding, perform_save=False) - # Save and add new endpoints - finding_helper.add_endpoints(new_finding, context["form"]) + # Save and add new locations + associated_locations = finding_helper.add_locations(new_finding, context["form"]) # Remove unrelated endpoints - endpoint_status_list = Endpoint_Status.objects.filter(finding=new_finding) - for endpoint_status in endpoint_status_list: - if endpoint_status.endpoint not in new_finding.endpoints.all(): - endpoint_status.delete() + if settings.V3_FEATURE_LOCATIONS: + for ref in new_finding.locations.all(): + if ref.location not in associated_locations: + ref.location.disassociate_from_finding(new_finding) + else: + # TODO: Delete this after the move to Locations + endpoint_status_list = Endpoint_Status.objects.filter(finding=new_finding) + for endpoint_status in endpoint_status_list: + if endpoint_status.endpoint not in new_finding.endpoints.all(): + endpoint_status.delete() # Handle some of the other steps self.process_mitigated_data(request, new_finding, context) self.process_false_positive_history(new_finding) @@ -1003,9 +1020,9 @@ def process_github_form(self, request: HttpRequest, finding: Finding, context: d if context["gform"].is_valid(): if GITHUB_Issue.objects.filter(finding=finding).exists(): - update_external_issue(finding, old_status, "github") + update_external_issue(finding.id, old_status, "github") else: - add_external_issue(finding, "github") + add_external_issue(finding.id, "github") return request, True add_field_errors_to_response(context["gform"]) @@ -1082,7 +1099,7 @@ def process_form(self, request: HttpRequest, finding: Finding, context: dict): product = finding.test.engagement.product finding.delete() # Update the grade of the product async - calculate_grade(product) + calculate_grade(product.id) # Add a message to the request that the finding was successfully deleted messages.add_message( request, @@ -1305,20 +1322,24 @@ def reopen_finding(request, fid): finding.last_reviewed = finding.mitigated finding.last_reviewed_by = request.user finding.under_review = False - endpoint_status = finding.status_finding.all() - for status in endpoint_status: - status.mitigated_by = None - status.mitigated_time = None - status.mitigated = False - status.last_modified = timezone.now() - status.save() + if settings.V3_FEATURE_LOCATIONS: + for ref in finding.locations.all(): + ref.set_status(FindingLocationStatus.Active, request.user, timezone.now()) + else: + endpoint_status = finding.status_finding.all() + for status in endpoint_status: + status.mitigated_by = None + status.mitigated_time = None + status.mitigated = False + status.last_modified = timezone.now() + status.save() # Clear the risk acceptance, if present ra_helper.risk_unaccept(request.user, finding) finding.save(dedupe_option=False, push_to_jira=False) if jira_helper.is_push_all_issues(finding) or jira_helper.is_keep_in_sync_with_jira(finding): jira_helper.push_to_jira(finding) - reopen_external_issue(finding, "re-opened by defectdojo", "github") + reopen_external_issue(finding.id, "re-opened by defectdojo", "github") messages.add_message( request, messages.SUCCESS, "Finding Reopened.", extra_tags="alert-success", @@ -1353,7 +1374,7 @@ def copy_finding(request, fid): test = form.cleaned_data.get("test") product = finding.test.engagement.product finding_copy = finding.copy(test=test) - calculate_grade(product) + calculate_grade(product.id) messages.add_message( request, messages.SUCCESS, @@ -2045,7 +2066,7 @@ def promote_to_finding(request, fid): new_finding.save() - finding_helper.add_endpoints(new_finding, form) + finding_helper.add_locations(new_finding, form) push_to_jira = False if jform and jform.is_valid(): @@ -2101,7 +2122,7 @@ def promote_to_finding(request, fid): ).push_all_issues, ) if gform.is_valid(): - add_external_issue(new_finding, "github") + add_external_issue(new_finding.id, "github") messages.add_message( request, @@ -2641,7 +2662,7 @@ def _bulk_delete_findings(request, pid, form, finding_to_update, finds, total_fi request.user, product, Permissions.Finding_Delete, ) - finds = get_authorized_findings( + finds = get_authorized_findings_for_queryset( Permissions.Finding_Delete, finds, ).distinct() @@ -2733,7 +2754,7 @@ def _bulk_update_finding_status_and_severity(finds, form, request, system_settin fp.save_no_options() for prod in prods: - calculate_grade(prod) + calculate_grade(prod.id) if skipped_duplicate_count > 0: messages.add_message( @@ -2789,7 +2810,7 @@ def _bulk_update_risk_acceptance(finds, form, request, prods): ra_helper.risk_unaccept(request.user, finding) for prod in prods: - calculate_grade(prod) + calculate_grade(prod.id) if skipped_risk_accept_count > 0: messages.add_message( @@ -3047,7 +3068,7 @@ def finding_bulk_update_all(request, pid=None): ) # make sure users are not editing stuff they are not authorized for - finds = get_authorized_findings( + finds = get_authorized_findings_for_queryset( Permissions.Finding_Edit, finds, ).distinct() @@ -3084,9 +3105,9 @@ def finding_bulk_update_all(request, pid=None): old_status = finding.status() if form.cleaned_data["push_to_github"]: if GITHUB_Issue.objects.filter(finding=finding).exists(): - update_external_issue(finding, old_status, "github") + update_external_issue(finding.id, old_status, "github") else: - add_external_issue(finding, "github") + add_external_issue(finding.id, "github") if form.cleaned_data["notes"]: logger.debug("Setting bulk notes") diff --git a/dojo/finding_group/queries.py b/dojo/finding_group/queries.py index 987cf7f6901..030342521b5 100644 --- a/dojo/finding_group/queries.py +++ b/dojo/finding_group/queries.py @@ -1,19 +1,22 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission from dojo.models import Finding_Group, Product_Group, Product_Member, Product_Type_Group, Product_Type_Member +from dojo.request_cache import cache_for_request -def get_authorized_finding_groups(permission, queryset=None, user=None): - +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request +def get_authorized_finding_groups(permission, user=None): + """Cached - returns all finding groups the user is authorized to see.""" if user is None: user = get_current_user() if user is None: return Finding_Group.objects.none() - finding_groups = Finding_Group.objects.all() if queryset is None else queryset + finding_groups = Finding_Group.objects.all() if user.is_superuser: return finding_groups @@ -22,29 +25,70 @@ def get_authorized_finding_groups(permission, queryset=None, user=None): return finding_groups roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("test__engagement__product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("test__engagement__product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("test__engagement__product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("test__engagement__product_id"), - group__users=user, - role__in=roles) - finding_groups = finding_groups.annotate( - test__engagement__product__prod_type__member=Exists(authorized_product_type_roles), - test__engagement__product__member=Exists(authorized_product_roles), - test__engagement__product__prod_type__authorized_group=Exists(authorized_product_type_groups), - test__engagement__product__authorized_group=Exists(authorized_product_groups)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed return finding_groups.filter( - Q(test__engagement__product__prod_type__member=True) - | Q(test__engagement__product__member=True) - | Q(test__engagement__product__prod_type__authorized_group=True) - | Q(test__engagement__product__authorized_group=True)) + Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_groups)), + ) + + +def get_authorized_finding_groups_for_queryset(permission, queryset, user=None): + """Filters a provided queryset for authorization. Not cached due to dynamic queryset parameter.""" + if user is None: + user = get_current_user() + + if user is None: + return Finding_Group.objects.none() + + if user.is_superuser: + return queryset + + if user_has_global_permission(user, permission): + return queryset + + roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return queryset.filter( + Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(test__engagement__product_id__in=Subquery(authorized_product_groups)), + ) diff --git a/dojo/fixtures/defect_dojo_sample_data_locations.json b/dojo/fixtures/defect_dojo_sample_data_locations.json new file mode 100644 index 00000000000..adcfebad8ff --- /dev/null +++ b/dojo/fixtures/defect_dojo_sample_data_locations.json @@ -0,0 +1,93351 @@ +[ +{ + "model": "auth.user", + "fields": { + "password": "argon2$argon2id$v=19$m=102400,t=2,p=8$S2NCTzJ5b0F6SUJPdnVZTXpJVnlDRA$eS/SvwIW7KoVnINE5uzkv5GZ7biJz34gA0WmRlHgqWQ", + "last_login": "2025-02-06T22:39:20.922Z", + "is_superuser": true, + "username": "admin", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": true, + "is_active": true, + "date_joined": "2021-07-02T00:21:09.430Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "auth.user", + "fields": { + "password": "pbkdf2_sha256$36000$XjtRvaEUL7kO$0fHWkPd13aIi6JYD1fadj1Vt1D8zDJCbbSzHFSXDBOw=", + "last_login": "2021-11-05T07:22:26.370Z", + "is_superuser": false, + "username": "product_manager", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-01T07:59:51Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "auth.user", + "fields": { + "password": "pbkdf2_sha256$36000$1qzIv2IwPiUw$//wV1kpCO8jj+Vp46gOf4TDo2ITxex5/FdNPOldHlsQ=", + "last_login": "2021-07-04T23:13:00.869Z", + "is_superuser": false, + "username": "user2", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-02T00:22:09.558Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "sessions.session", + "pk": "02imfxe3vzf9qqv4nz7zzatmyk7ccwsm", + "fields": { + "session_data": ".eJxVjEFOwzAQRe_idRWS2E6cSgiJBWLDCRCyZjyTxCW1kZ1sqHJ3XFGpsJz_3ryLsLCts90yJ-tJHEUjDn83BPfJ4QroBGGKlYthTR6rq1LdaK7eIvHyfHP_BWbIc_nWgwKtTI3Q907VHaBq-1aRZhpwHCQydugaSYM21DhE08jR9C3UElsNpkQpnqLFxEAubWfM4vh-EatfFy7913jm4mxpKceD2A939OID-TDlOx5_l6cvmNhm_82PUnVi_9h_AEdoWSA:1tYqC0:LSmimZ6BKjaiWqy0GWalABJpfYwXloJl6j0Uyq5H_pM", + "expire_date": "2025-01-31T17:31:36.944Z" + } +}, +{ + "model": "sessions.session", + "pk": "0fy0ogscdoq7gy7k3rsgp39zumcidfu9", + "fields": { + "session_data": "NzEyZjZiNDQ0ZTBkNTllYjE2MjY5OTRmYjBhZjRlNTU1NjIyOTcxZDp7Il9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-12-07T06:07:31.598Z" + } +}, +{ + "model": "sessions.session", + "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", + "fields": { + "session_data": "ZmY5ZWRlNzI5OTdlMmMxNjBmNjQwODU2YWQ4ODlmNGUzNDUyOTljOTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9tZXRyaWNzIiwidGl0bGUiOiJQcm9kdWN0IFR5cGUgTWV0cmljcyJ9XSwiX2F1dGhfdXNlcl9oYXNoIjoiODE0OTY0ZTdhNzUyNDQyZjM1MjczNTExMGVkZGZjNzc4YjE0MTU3MiIsIl9hdXRoX3VzZXJfaWQiOiIzIiwiX2F1dGhfdXNlcl9iYWNrZW5kIjoiZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmQifQ==", + "expire_date": "2021-07-18T23:13:01.138Z" + } +}, +{ + "model": "sessions.session", + "pk": "91he362uu4zzlkmhn3g87fstw6gpb8h9", + "fields": { + "session_data": "NTU0NDNiNWE4YzY2Y2I2ZGQ4ZjQ4ZWM1NTZhZmFmZmEzODI0ODJiMDp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T05:11:08.323Z" + } +}, +{ + "model": "sessions.session", + "pk": "9voht5jb42emoela71zpbqz04ror8xcw", + "fields": { + "session_data": "NjZhNGEzMTYxNjE4OWEzOWMwNWU1Njg0ODg5NTQ4Mzk3N2I0OTVkMzp7ImRvam9fYnJlYWRjcnVtYnMiOm51bGwsIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-30T06:31:13.710Z" + } +}, +{ + "model": "sessions.session", + "pk": "c29i459wf0jkdkluez09s3yjmqos689f", + "fields": { + "session_data": "MzllYzU2NjM4MDcwY2MxNjRiOTI2YzU5NDE1Y2Y2YWE3Y2Q2N2RmODp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVkMDczODI0ZmUyNmMyZDc4M2NjZmVlMjU2YTI4OWU1NTFiOTVhYTUiLCJfYXV0aF91c2VyX2lkIjoiMSIsIl9hdXRoX3VzZXJfYmFja2VuZCI6ImRqYW5nby5jb250cmliLmF1dGguYmFja2VuZHMuTW9kZWxCYWNrZW5kIn0=", + "expire_date": "2021-12-07T05:18:56.251Z" + } +}, +{ + "model": "sessions.session", + "pk": "eme9gyi7zn436wzeyoto51egukxj8qy7", + "fields": { + "session_data": ".eJxVjEEOwiAQRe_C2hBgKDAu3fcMZIBRqoYmpV0Z765NutDtf-_9l4i0rTVunZc4FXEWWpx-t0T5wW0H5U7tNss8t3WZktwVedAux7nw83K4fweVev3WjorL2Rob0A5ac4JQfFYKgIkheGJkjaiNHxDRXTUoJA5gKRlQ2Yr3B8_sNxs:1mbNDM:BgL5LziNRBqwTSTO0RrBtCMHXn6G7AB2drrlm17fEdc", + "expire_date": "2025-01-17T05:47:46.263Z" + } +}, +{ + "model": "sessions.session", + "pk": "g0fpchyt0my3n4ks1v2jj0lp3hgsdjgg", + "fields": { + "session_data": ".eJxVjLsOwjAMRf8lc1UCLaFmZGJhYEaocmKHFkoj8piq_jtBQjxG33N8JtFiil2bAvu2J7EVS1H8bhrNjccXoCuOF1caN0bf6_KllG8ayoMjHnZv9y_QYejytwS20GgEuamtUqw0NhZhDUAgFXClDUmLTSXNSpFkIrmqaGNr0gTrqs5RclfXas9Ixqe7DmJ7mkTs48C5v3d3zk7yQz4WYi6-6Jg4xN6N4csfn2k-z0_ReVZ2:1mbNL6:bNhQm1g9-3-4R9g0NeLcUGe06pb69i1dvOQXk_fOGcQ", + "expire_date": "2025-01-17T05:55:46.185Z" + } +}, +{ + "model": "sessions.session", + "pk": "gv3v9rnpgxqswy7lin8p55oqahdeatwu", + "fields": { + "session_data": "Mjk5OGE0MDZiZWZkMzRiZjcxZDg4MWE2M2U4NDM1ZTExOWQ3MGM0ZTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii90ZXN0X3R5cGUiLCJ0aXRsZSI6IlRlc3QgVHlwZSBMaXN0In1dLCJfYXV0aF91c2VyX2hhc2giOiJjOGQxY2IxNDU1NmI5YzYyZmRkMjRlMTEwNDljMjMyNjlkYTgzZDU2IiwiX2F1dGhfdXNlcl9pZCI6IjEiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCJ9", + "expire_date": "2021-11-17T06:33:39.074Z" + } +}, +{ + "model": "sessions.session", + "pk": "hh7aa53kw2wh8y2qjhvhe77nmmgkpprg", + "fields": { + "session_data": ".eJxVjMsOgjAQRX_FdE2QRwvFpSsXmrg3hsx0iqBITR8rw79bowm6nHvOnCdrIfi-DU7bdiC2YTlLfjcEddPTG9AVpotJlZm8HTB9K-mXuvRgSI_br_sX6MH18Vs0HASXGUJdK55VgLyoC05CU4NdU6LGClVeUiMk5QpR5mUn6wKyEgsBMkbJXE2LVgMpG-7o2Ob0ZH7wo479nbnr6AQ7xmPN5mRBR2soKL_aD84vyuOzsvk8vwDdxlXd:1tgAX1:A2cnrBjS-SjpnonsUeWQnNJjfWT79Ahe-2WwfkEvp7c", + "expire_date": "2025-02-20T22:39:35.077Z" + } +}, +{ + "model": "sessions.session", + "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", + "fields": { + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-19T22:22:52.744Z" + } +}, +{ + "model": "sessions.session", + "pk": "jd1dvmzg2kdst1dvjvd82xto3two999q", + "fields": { + "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T07:37:14.206Z" + } +}, +{ + "model": "sessions.session", + "pk": "nrksf0iuveua4cjxcy9m5i5nvvnswks0", + "fields": { + "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T12:12:49.262Z" + } +}, +{ + "model": "sessions.session", + "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", + "fields": { + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-16T00:21:49.329Z" + } +}, +{ + "model": "sites.site", + "fields": { + "domain": "example.com", + "name": "example.com" + } +}, +{ + "model": "admin.logentry", + "pk": 1, + "fields": { + "action_time": "2021-07-02T00:22:01.258Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "user1", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 2, + "fields": { + "action_time": "2021-07-02T00:22:09.722Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "3", + "object_repr": "user2", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 3, + "fields": { + "action_time": "2021-11-04T08:57:11.661Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 4, + "fields": { + "action_time": "2021-11-04T08:57:21.204Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 5, + "fields": { + "action_time": "2021-11-04T08:57:32.008Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 6, + "fields": { + "action_time": "2021-11-04T08:58:15.735Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 7, + "fields": { + "action_time": "2021-11-04T08:58:43.433Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "5", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 8, + "fields": { + "action_time": "2021-11-04T08:58:43.474Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "7", + "object_repr": "DUMMY FINDING", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 9, + "fields": { + "action_time": "2021-11-04T08:58:43.495Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 10, + "fields": { + "action_time": "2021-11-04T08:58:43.501Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 11, + "fields": { + "action_time": "2021-11-04T08:58:43.507Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 12, + "fields": { + "action_time": "2021-11-04T08:58:43.512Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 13, + "fields": { + "action_time": "2021-11-04T09:00:09.825Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "1", + "object_repr": "Java", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 14, + "fields": { + "action_time": "2021-11-04T09:13:05.793Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "4", + "object_repr": "XML", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 15, + "fields": { + "action_time": "2021-11-04T09:14:00.425Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "3", + "object_repr": "JavaScript", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 16, + "fields": { + "action_time": "2021-11-04T09:20:33.497Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "notification_webhooks" + ], + "object_id": "1", + "object_repr": "Tomcat | Bodgeit", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 17, + "fields": { + "action_time": "2021-11-04T13:06:05.480Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "2", + "object_repr": "Python", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 18, + "fields": { + "action_time": "2021-11-05T07:13:16.077Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "1", + "object_repr": "admin", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 19, + "fields": { + "action_time": "2021-11-05T07:13:53.435Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 20, + "fields": { + "action_time": "2021-11-05T07:21:45.543Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"is_staff\"]}}]" + } +}, +{ + "model": "dojo.regulation", + "pk": 1, + "fields": { + "name": "Payment Card Industry Data Security Standard", + "acronym": "PCI DSS", + "category": "finance", + "jurisdiction": "United States", + "description": "The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.", + "reference": "http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard" + } +}, +{ + "model": "dojo.regulation", + "pk": 2, + "fields": { + "name": "Health Insurance Portability and Accountability Act", + "acronym": "HIPAA", + "category": "medical", + "jurisdiction": "United States", + "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", + "reference": "http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 3, + "fields": { + "name": "Family Educational Rights and Privacy Act", + "acronym": "FERPA", + "category": "education", + "jurisdiction": "United States", + "description": "The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records after that student is 18 years old. The law applies only to educational agencies and institutions that receive funding under a program administered by the U.S. Department of Education. Other regulations under this act, effective starting January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate student IDs and e-mail addresses.", + "reference": "http://en.wikipedia.org/wiki/Family_Educational_Rights_and_Privacy_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 4, + "fields": { + "name": "Sarbanes–Oxley Act", + "acronym": "SOX", + "category": "finance", + "jurisdiction": "United States", + "description": "The Sarbanes–Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", + "reference": "http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 5, + "fields": { + "name": "Gramm–Leach–Bliley Act", + "acronym": "GLBA", + "category": "finance", + "jurisdiction": "United States", + "description": "The Gramm–Leach–Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", + "reference": "http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 6, + "fields": { + "name": "Personal Information Protection and Electronic Documents Act", + "acronym": "PIPEDA", + "category": "privacy", + "jurisdiction": "Canada", + "description": "The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.", + "reference": "http://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 7, + "fields": { + "name": "Data Protection Act 1998", + "acronym": "DPA", + "category": "privacy", + "jurisdiction": "United Kingdom", + "description": "The Data Protection Act 1998 (DPA) is an Act of Parliament of the United Kingdom of Great Britain and Northern Ireland which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring British law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.", + "reference": "http://en.wikipedia.org/wiki/Data_Protection_Act_1998" + } +}, +{ + "model": "dojo.regulation", + "pk": 8, + "fields": { + "name": "Children's Online Privacy Protection Act", + "acronym": "COPPA", + "category": "privacy", + "jurisdiction": "United States", + "description": "The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites disallow underage children from using their services altogether due to the amount of cash and work involved in the law compliance.", + "reference": "http://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 9, + "fields": { + "name": "California Security Breach Information Act", + "acronym": "CA SB-1386", + "category": "privacy", + "jurisdiction": "United States, California", + "description": "In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information. The Act, which went into effect July 1, 2003, was created to help stem the increasing incidence of identity theft.", + "reference": "http://en.wikipedia.org/wiki/California_S.B._1386" + } +}, +{ + "model": "dojo.regulation", + "pk": 10, + "fields": { + "name": "California Online Privacy Protection Act", + "acronym": "OPPA", + "category": "privacy", + "jurisdiction": "United States, California", + "description": "The California Online Privacy Protection Act of 2003 (OPPA), effective as of July 1, 2004, is a California State Law. According to this law, operators of commercial websites that collect Personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy that meets certain requirements.", + "reference": "http://en.wikipedia.org/wiki/Online_Privacy_Protection_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 11, + "fields": { + "name": "Data Protection Directive", + "acronym": "Directive 95/46/EC", + "category": "privacy", + "jurisdiction": "European Union", + "description": "The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law.", + "reference": "http://en.wikipedia.org/wiki/Data_Protection_Directive" + } +}, +{ + "model": "dojo.regulation", + "pk": 12, + "fields": { + "name": "Directive on Privacy and Electronic Communications", + "acronym": "Directive 2002/58/EC", + "category": "privacy", + "jurisdiction": "European Union", + "description": "Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.", + "reference": "http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications" + } +}, +{ + "model": "dojo.regulation", + "pk": 13, + "fields": { + "name": "General Data Protection Regulation", + "acronym": "GDPR", + "category": "privacy", + "jurisdiction": "EU & EU Data Extra-Territorial Applicability", + "description": "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.\r\n\r\nSuperseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. The data owner has the right to revoke this permission at any time.", + "reference": "https://www.eugdpr.org/" + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 1, + "fields": { + "user": [ + "admin" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false, + "token_last_reset": null, + "password_last_reset": null + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 2, + "fields": { + "user": [ + "product_manager" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false, + "token_last_reset": null, + "password_last_reset": null + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 3, + "fields": { + "user": [ + "user2" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false, + "token_last_reset": null, + "password_last_reset": null + } +}, +{ + "model": "dojo.role", + "pk": 1, + "fields": { + "name": "API_Importer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 2, + "fields": { + "name": "Writer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 3, + "fields": { + "name": "Maintainer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 4, + "fields": { + "name": "Owner", + "is_owner": true + } +}, +{ + "model": "dojo.role", + "pk": 5, + "fields": { + "name": "Reader", + "is_owner": false + } +}, +{ + "model": "dojo.system_settings", + "pk": 1, + "fields": { + "enable_deduplication": false, + "delete_duplicates": false, + "max_dupes": null, + "email_from": "no-reply@example.com", + "enable_jira": false, + "enable_jira_web_hook": false, + "disable_jira_webhook_secret": false, + "jira_webhook_secret": null, + "jira_minimum_severity": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "enable_github": false, + "enable_slack_notifications": false, + "slack_channel": "", + "slack_token": "", + "slack_username": "", + "enable_msteams_notifications": false, + "msteams_url": "", + "enable_mail_notifications": false, + "mail_notifications_to": "", + "enable_webhooks_notifications": false, + "webhooks_notifications_timeout": 10, + "enforce_verified_status": true, + "enforce_verified_status_jira": true, + "enforce_verified_status_product_grading": true, + "enforce_verified_status_metrics": true, + "false_positive_history": false, + "retroactive_false_positive_history": false, + "url_prefix": "", + "team_name": "", + "enable_product_grade": true, + "product_grade_a": 90, + "product_grade_b": 80, + "product_grade_c": 70, + "product_grade_d": 60, + "product_grade_f": 59, + "enable_product_tag_inheritance": false, + "enable_benchmark": true, + "enable_similar_findings": true, + "engagement_auto_close": false, + "engagement_auto_close_days": 3, + "enable_finding_sla": true, + "enable_notify_sla_active": false, + "enable_notify_sla_active_verified": false, + "enable_notify_sla_jira_only": false, + "enable_notify_sla_exponential_backoff": false, + "allow_anonymous_survey_repsonse": false, + "credentials": "", + "disclaimer_notifications": "", + "disclaimer_reports": "", + "disclaimer_reports_forced": false, + "disclaimer_notes": "", + "risk_acceptance_form_default_days": 180, + "risk_acceptance_notify_before_expiration": 10, + "enable_credentials": true, + "enable_questionnaires": true, + "enable_checklists": true, + "enable_endpoint_metadata_import": true, + "enable_user_profile_editable": true, + "enable_product_tracking_files": true, + "enable_finding_groups": true, + "enable_ui_table_based_searching": true, + "enable_calendar": true, + "enable_cvss3_display": true, + "enable_cvss4_display": true, + "default_group": null, + "default_group_role": null, + "default_group_email_pattern": "", + "minimum_password_length": 9, + "maximum_password_length": 48, + "number_character_required": true, + "special_character_required": true, + "lowercase_character_required": true, + "uppercase_character_required": true, + "non_common_password_required": true, + "api_expose_error_details": false, + "filter_string_matching": false + } +}, +{ + "model": "dojo.product_type", + "pk": 1, + "fields": { + "created": null, + "updated": null, + "name": "Research and Development", + "description": null, + "critical_product": false, + "key_product": false + } +}, +{ + "model": "dojo.product_type", + "pk": 2, + "fields": { + "created": null, + "updated": "2021-11-04T09:27:38.846Z", + "name": "Commerce", + "description": null, + "critical_product": true, + "key_product": false + } +}, +{ + "model": "dojo.product_type", + "pk": 3, + "fields": { + "created": null, + "updated": "2021-11-04T09:27:51.762Z", + "name": "Billing", + "description": null, + "critical_product": false, + "key_product": true + } +}, +{ + "model": "dojo.report_type", + "pk": 1, + "fields": { + "name": "Type 1" + } +}, +{ + "model": "dojo.report_type", + "pk": 2, + "fields": { + "name": "Type 2" + } +}, +{ + "model": "dojo.report_type", + "pk": 3, + "fields": { + "name": "Type 3" + } +}, +{ + "model": "dojo.test_type", + "pk": 1, + "fields": { + "name": "API Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 2, + "fields": { + "name": "Static Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 3, + "fields": { + "name": "Pen Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 4, + "fields": { + "name": "Nessus Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 5, + "fields": { + "name": "Web Application Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 6, + "fields": { + "name": "Security Research", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 7, + "fields": { + "name": "Threat Modeling", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 8, + "fields": { + "name": "Veracode Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 9, + "fields": { + "name": "Burp Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 10, + "fields": { + "name": "Nexpose Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 11, + "fields": { + "name": "ZAP Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 12, + "fields": { + "name": "Checkmarx Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 13, + "fields": { + "name": "OpenVAS CSV", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 14, + "fields": { + "name": "Bandit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 15, + "fields": { + "name": "SSL Labs Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 16, + "fields": { + "name": "AppSpider Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 17, + "fields": { + "name": "Dependency Check Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 18, + "fields": { + "name": "Generic Findings Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 19, + "fields": { + "name": "Nmap Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 20, + "fields": { + "name": "Node Security Platform Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 21, + "fields": { + "name": "Qualys Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 22, + "fields": { + "name": "Qualys Web App Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 23, + "fields": { + "name": "Retire.js Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 24, + "fields": { + "name": "SKF Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 25, + "fields": { + "name": "Snyk Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 27, + "fields": { + "name": "Trustwave", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 28, + "fields": { + "name": "VCG Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 29, + "fields": { + "name": "Manual Code Review", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 30, + "fields": { + "name": "Gosec Scanner", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 31, + "fields": { + "name": "NPM Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 32, + "fields": { + "name": "Clair Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 33, + "fields": { + "name": "Acunetix Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 34, + "fields": { + "name": "Acunetix360 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 35, + "fields": { + "name": "Anchore Engine Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 36, + "fields": { + "name": "Anchore Enterprise Policy Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 37, + "fields": { + "name": "Anchore Grype", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 38, + "fields": { + "name": "Aqua Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 39, + "fields": { + "name": "Arachni Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 40, + "fields": { + "name": "AuditJS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 41, + "fields": { + "name": "AWS Prowler Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 42, + "fields": { + "name": "AWS Scout2 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 43, + "fields": { + "name": "AWS Security Hub Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 44, + "fields": { + "name": "Azure Security Center Recommendations Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 45, + "fields": { + "name": "Blackduck Hub Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 46, + "fields": { + "name": "Blackduck Component Risk", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 47, + "fields": { + "name": "Brakeman Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 48, + "fields": { + "name": "BugCrowd Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 49, + "fields": { + "name": "Bundler-Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 50, + "fields": { + "name": "Burp REST API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 51, + "fields": { + "name": "Burp Enterprise Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 52, + "fields": { + "name": "Burp GraphQL API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 53, + "fields": { + "name": "CargoAudit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 54, + "fields": { + "name": "CCVS Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 55, + "fields": { + "name": "Checkmarx Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 56, + "fields": { + "name": "Checkmarx OSA", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 57, + "fields": { + "name": "Checkov Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 58, + "fields": { + "name": "Rusty Hog Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 59, + "fields": { + "name": "Clair Klar Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 60, + "fields": { + "name": "Cloudsploit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 61, + "fields": { + "name": "Cobalt.io Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 62, + "fields": { + "name": "Cobalt.io API Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 63, + "fields": { + "name": "Contrast Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 64, + "fields": { + "name": "Coverity API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 65, + "fields": { + "name": "Crashtest Security JSON File", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 66, + "fields": { + "name": "Crashtest Security XML File", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 67, + "fields": { + "name": "CredScan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 68, + "fields": { + "name": "CycloneDX Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 69, + "fields": { + "name": "DawnScanner Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 70, + "fields": { + "name": "Dependency Track Finding Packaging Format (FPF) Export", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 71, + "fields": { + "name": "Detect-secrets Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 72, + "fields": { + "name": "Dockle Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 73, + "fields": { + "name": "DrHeader JSON Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 74, + "fields": { + "name": "DSOP Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 75, + "fields": { + "name": "ESLint Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 76, + "fields": { + "name": "Fortify Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 77, + "fields": { + "name": "Github Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 78, + "fields": { + "name": "GitLab API Fuzzing Report Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 79, + "fields": { + "name": "GitLab Container Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 80, + "fields": { + "name": "GitLab DAST Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 81, + "fields": { + "name": "GitLab Dependency Scanning Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 82, + "fields": { + "name": "GitLab SAST Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 83, + "fields": { + "name": "GitLab Secret Detection Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 84, + "fields": { + "name": "Gitleaks Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 85, + "fields": { + "name": "HackerOne Cases", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 86, + "fields": { + "name": "Hadolint Dockerfile check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 87, + "fields": { + "name": "Harbor Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 88, + "fields": { + "name": "HuskyCI Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 89, + "fields": { + "name": "IBM AppScan DAST", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 90, + "fields": { + "name": "Immuniweb Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 91, + "fields": { + "name": "IntSights Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 92, + "fields": { + "name": "JFrog Xray Unified Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 93, + "fields": { + "name": "JFrog Xray Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 94, + "fields": { + "name": "KICS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 95, + "fields": { + "name": "Kiuwan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 96, + "fields": { + "name": "kube-bench Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 97, + "fields": { + "name": "Meterian Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 98, + "fields": { + "name": "Microfocus Webinspect Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 99, + "fields": { + "name": "MobSF Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 100, + "fields": { + "name": "Mobsfscan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 101, + "fields": { + "name": "Mozilla Observatory Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 102, + "fields": { + "name": "Nessus WAS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 103, + "fields": { + "name": "Netsparker Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 104, + "fields": { + "name": "Nikto Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 105, + "fields": { + "name": "Nuclei Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 106, + "fields": { + "name": "Openscap Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 107, + "fields": { + "name": "ORT evaluated model Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 108, + "fields": { + "name": "OssIndex Devaudit SCA Scan Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 109, + "fields": { + "name": "Outpost24 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 110, + "fields": { + "name": "PHP Security Audit v2", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 111, + "fields": { + "name": "PHP Symfony Security Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 112, + "fields": { + "name": "PMD Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 113, + "fields": { + "name": "Qualys Infrastructure Scan (WebGUI XML)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 114, + "fields": { + "name": "Qualys Webapp Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 115, + "fields": { + "name": "Risk Recon API Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 117, + "fields": { + "name": "SARIF", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 118, + "fields": { + "name": "Scantist Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 119, + "fields": { + "name": "Scout Suite Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 120, + "fields": { + "name": "Semgrep JSON Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 121, + "fields": { + "name": "SonarQube Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 122, + "fields": { + "name": "SonarQube Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 123, + "fields": { + "name": "SonarQube API Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 124, + "fields": { + "name": "Sonatype Application Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 125, + "fields": { + "name": "SpotBugs Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 126, + "fields": { + "name": "Sslscan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 127, + "fields": { + "name": "SSLyze Scan (JSON)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 128, + "fields": { + "name": "Sslyze Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 129, + "fields": { + "name": "Terrascan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 130, + "fields": { + "name": "Testssl Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 131, + "fields": { + "name": "TFSec Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 132, + "fields": { + "name": "Trivy Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 133, + "fields": { + "name": "Trufflehog Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 134, + "fields": { + "name": "Trufflehog3 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 135, + "fields": { + "name": "Trustwave Scan (CSV)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 136, + "fields": { + "name": "Trustwave Fusion API Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 137, + "fields": { + "name": "Twistlock Image Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 138, + "fields": { + "name": "Wapiti Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 139, + "fields": { + "name": "WFuzz JSON report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 140, + "fields": { + "name": "WhiteHat Sentinel", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 141, + "fields": { + "name": "Mend Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 142, + "fields": { + "name": "Wpscan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 143, + "fields": { + "name": "Xanitizer Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 144, + "fields": { + "name": "Yarn Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 149, + "fields": { + "name": "JFrog Xray On Demand Binary Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.sla_configuration", + "pk": 1, + "fields": { + "name": "Default", + "description": "The Default SLA Configuration. Products not using an explicit SLA Configuration will use this one.", + "critical": 7, + "enforce_critical": true, + "high": 30, + "enforce_high": true, + "medium": 90, + "enforce_medium": true, + "low": 120, + "enforce_low": true, + "restart_sla_on_reactivation": false, + "async_updating": false + } +}, +{ + "model": "dojo.tagulous_product_tags", + "pk": 1, + "fields": { + "name": "retire", + "slug": "retire", + "count": 1, + "protected": false + } +}, +{ + "model": "dojo.product", + "pk": 1, + "fields": { + "created": null, + "updated": "2025-01-17T16:52:28.298Z", + "name": "BodgeIt", + "description": "[Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "product_manager" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 5, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "internal", + "user_records": 1000000000, + "revenue": "1000.00", + "external_audience": true, + "internet_accessible": true, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [ + 13, + 1 + ], + "tags": [ + "retire" + ] + } +}, +{ + "model": "dojo.product", + "pk": 2, + "fields": { + "created": null, + "updated": "2025-01-17T16:52:28.346Z", + "name": "Internal CRM App", + "description": "* New product in development that attempts to follow all best practices", + "product_manager": [ + "product_manager" + ], + "technical_contact": [ + "product_manager" + ], + "team_manager": [ + "user2" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 51, + "business_criticality": "medium", + "platform": "web", + "lifecycle": "construction", + "origin": "internal", + "user_records": null, + "revenue": null, + "external_audience": false, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [], + "tags": [] + } +}, +{ + "model": "dojo.product", + "pk": 3, + "fields": { + "created": null, + "updated": "2025-02-06T22:39:22.655Z", + "name": "Apple Accounting Software", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "user2" + ], + "prod_type": 3, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 100, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "purchased", + "user_records": 5000, + "revenue": null, + "external_audience": true, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [ + 5 + ], + "tags": [] + } +}, +{ + "model": "dojo.tool_type", + "pk": 1, + "fields": { + "name": "DAST", + "description": "Dynamic Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 2, + "fields": { + "name": "SAST", + "description": "Static Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 3, + "fields": { + "name": "IAST", + "description": "Interactive Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 4, + "fields": { + "name": "Source Code", + "description": "Source Code Management" + } +}, +{ + "model": "dojo.tool_type", + "pk": 5, + "fields": { + "name": "Build Sever", + "description": "Build Server" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 1, + "fields": { + "name": "Tool Configuration 1", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 1, + "authentication_type": "Password", + "extras": null, + "username": "user1", + "password": "user1", + "auth_title": "", + "ssh": "", + "api_key": "" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 2, + "fields": { + "name": "Tool Configuration 2", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 2, + "authentication_type": "API", + "extras": null, + "username": "", + "password": "", + "auth_title": "test key", + "ssh": "", + "api_key": "test string" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 3, + "fields": { + "name": "Tool Configuration 3", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 3, + "authentication_type": "SSH", + "extras": null, + "username": "", + "password": "", + "auth_title": "test ssh", + "ssh": "test string", + "api_key": "" + } +}, +{ + "model": "dojo.tagulous_engagement_tags", + "pk": 2, + "fields": { + "name": "pci", + "slug": "pci", + "count": 2, + "protected": false + } +}, +{ + "model": "dojo.engagement", + "pk": 1, + "fields": { + "created": null, + "updated": null, + "name": "1st Quarter Engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 2, + "fields": { + "created": null, + "updated": "2021-11-04T09:15:49.870Z", + "name": "April Monthly Engagement", + "description": "Requested by the team for regular manual checkup by the security team.", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 3, + "fields": { + "created": null, + "updated": null, + "name": "weekly engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-21", + "target_end": "2021-06-22", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 4, + "fields": { + "created": "2021-11-04T09:01:00.647Z", + "updated": "2021-11-04T09:14:58.726Z", + "name": "Static Scan", + "description": "Initial static scan for Bodgeit.", + "version": "v.1.2.0", + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-10", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 6, + "fields": { + "created": "2021-11-04T09:25:29.380Z", + "updated": "2021-11-04T09:26:47.339Z", + "name": "Quarterly PCI Scan", + "description": "Reccuring Quarterly Scan", + "version": null, + "first_contacted": null, + "target_start": "2022-01-19", + "target_end": "2022-01-26", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [ + "pci" + ], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 7, + "fields": { + "created": "2021-11-04T09:36:15.136Z", + "updated": "2021-11-04T09:36:15.136Z", + "name": "Ad Hoc Engagement", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-03", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": false, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 8, + "fields": { + "created": "2021-11-04T09:42:51.116Z", + "updated": "2021-11-04T09:44:29.481Z", + "name": "Initial Assessment", + "description": "This application needs to be assesed to determine the security posture.", + "version": "10.2.1", + "first_contacted": null, + "target_start": "2021-12-20", + "target_end": "2021-12-27", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 3, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 10, + "fields": { + "created": "2021-11-05T06:44:35.773Z", + "updated": "2021-11-05T06:49:39.475Z", + "name": "Multiple scanners", + "description": "Example engagement with multiple scan types.", + "version": "1.2.1", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [ + "pci" + ], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 11, + "fields": { + "created": "2021-11-05T06:54:11.880Z", + "updated": "2021-11-05T06:55:42.622Z", + "name": "Manual PenTest", + "description": "Please do a manual pentest before our next release to prod.", + "version": "1.9.1", + "first_contacted": null, + "target_start": "2021-12-30", + "target_end": "2022-01-02", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Blocked", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 12, + "fields": { + "created": "2021-11-05T07:06:26.136Z", + "updated": "2021-11-05T07:07:44.126Z", + "name": "CI/CD Baseline Security Test", + "description": "", + "version": "1.1.2", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-11", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": "https://github.com/psiinon/bodgeit", + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "CI/CD", + "build_id": "89", + "commit_hash": "b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6", + "branch_tag": "master", + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": "https://github.com/psiinon/bodgeit", + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 13, + "fields": { + "created": "2021-11-05T10:43:05.446Z", + "updated": "2021-11-05T10:43:05.446Z", + "name": "AdHoc Import - Fri, 17 Aug 2018 18:20:55", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.development_environment", + "pk": 1, + "fields": { + "name": "AWS" + } +}, +{ + "model": "dojo.development_environment", + "pk": 2, + "fields": { + "name": "Staging" + } +}, +{ + "model": "dojo.development_environment", + "pk": 3, + "fields": { + "name": "Production" + } +}, +{ + "model": "dojo.development_environment", + "pk": 4, + "fields": { + "name": "Test" + } +}, +{ + "model": "dojo.development_environment", + "pk": 5, + "fields": { + "name": "Pre-prod" + } +}, +{ + "model": "dojo.development_environment", + "pk": 6, + "fields": { + "name": "Lab" + } +}, +{ + "model": "dojo.development_environment", + "pk": 7, + "fields": { + "name": "Development" + } +}, +{ + "model": "dojo.test", + "pk": 3, + "fields": { + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 13, + "fields": { + "engagement": 2, + "lead": [ + "product_manager" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-03-21T01:00:00Z", + "target_end": "2021-03-22T01:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 14, + "fields": { + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 15, + "fields": { + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:01:30.563Z", + "created": "2021-11-04T09:01:30.563Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 16, + "fields": { + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:03:25.139Z", + "created": "2021-11-04T09:03:25.139Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 18, + "fields": { + "engagement": 6, + "lead": [ + "admin" + ], + "test_type": 21, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2022-01-19T00:00:00Z", + "target_end": "2022-01-24T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:26:34.003Z", + "created": "2021-11-04T09:25:46.327Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 19, + "fields": { + "engagement": 7, + "lead": null, + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T09:36:15.180Z", + "target_end": "2021-11-04T09:36:15.180Z", + "percent_complete": null, + "environment": null, + "updated": "2021-11-04T09:36:15.180Z", + "created": "2021-11-04T09:36:15.180Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 20, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:09.101Z", + "created": "2021-11-04T09:43:09.101Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 21, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 19, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 2, + "updated": "2021-11-04T09:43:23.410Z", + "created": "2021-11-04T09:43:23.410Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 22, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:41.711Z", + "created": "2021-11-04T09:43:41.711Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 23, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 11, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:44:01.815Z", + "created": "2021-11-04T09:44:01.815Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 25, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:44:35.814Z", + "created": "2021-11-05T06:44:35.814Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 26, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 28, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:46:06.450Z", + "created": "2021-11-05T06:46:06.450Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 28, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:47:17.517Z", + "created": "2021-11-05T06:47:17.518Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 29, + "fields": { + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 29, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-05T06:54:23.989Z", + "created": "2021-11-05T06:54:23.989Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 30, + "fields": { + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 5, + "updated": "2021-11-05T06:54:35.499Z", + "created": "2021-11-05T06:54:35.499Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 31, + "fields": { + "engagement": 12, + "lead": [ + "admin" + ], + "test_type": 30, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T07:07:18.034Z", + "created": "2021-11-05T07:07:18.034Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 32, + "fields": { + "engagement": 13, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T10:43:05.485Z", + "created": "2021-11-05T10:43:05.485Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 2, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.707Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 3, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.280Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 4, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.297Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 5, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:12.850Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 6, + "fields": { + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.314Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 7, + "fields": { + "created": null, + "updated": null, + "title": "Dummy Finding", + "date": "2021-03-20", + "sla_start_date": null, + "sla_expiration_date": "2021-04-19", + "cwe": 1, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "http://www.example.com", + "severity": "High", + "description": "TEST finding", + "mitigation": "MITIGATION", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.331Z", + "review_requested_by": [ + "product_manager" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "product_manager" + ], + "is_mitigated": false, + "thread_id": 1, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "product_manager" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", + "line": 100, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 8, + "fields": { + "created": "2021-11-04T09:01:32.590Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:32.587Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 9, + "fields": { + "created": "2021-11-04T09:01:32.769Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.758Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:32.763Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 10, + "fields": { + "created": "2021-11-04T09:01:32.948Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:32.945Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 11, + "fields": { + "created": "2021-11-04T09:01:33.124Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.527Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.122Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 12, + "fields": { + "created": "2021-11-04T09:01:33.268Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 13, + "fields": { + "created": "2021-11-04T09:01:33.438Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:33.435Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 14, + "fields": { + "created": "2021-11-04T09:01:33.602Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.599Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 15, + "fields": { + "created": "2021-11-04T09:01:33.755Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.344Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 16, + "fields": { + "created": "2021-11-04T09:01:33.905Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.192Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 17, + "fields": { + "created": "2021-11-04T09:01:34.060Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.056Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 18, + "fields": { + "created": "2021-11-04T09:01:34.209Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.659Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 19, + "fields": { + "created": "2021-11-04T09:01:34.373Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.772Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.370Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 20, + "fields": { + "created": "2021-11-04T09:01:34.530Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.486Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:34.527Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 21, + "fields": { + "created": "2021-11-04T09:01:34.702Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.933Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.699Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 22, + "fields": { + "created": "2021-11-04T09:01:34.865Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.396Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.861Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 23, + "fields": { + "created": "2021-11-04T09:01:35.040Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.227Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.037Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 24, + "fields": { + "created": "2021-11-04T09:01:35.231Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.053Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 25, + "fields": { + "created": "2021-11-04T09:01:35.388Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 26, + "fields": { + "created": "2021-11-04T09:01:35.563Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.301Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.561Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 27, + "fields": { + "created": "2021-11-04T09:01:35.729Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.640Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.724Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 28, + "fields": { + "created": "2021-11-04T09:01:35.904Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.577Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 29, + "fields": { + "created": "2021-11-04T09:01:36.151Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.542Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 30, + "fields": { + "created": "2021-11-04T09:01:36.397Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.394Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 31, + "fields": { + "created": "2021-11-04T09:01:36.586Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.642Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 32, + "fields": { + "created": "2021-11-04T09:01:36.781Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.977Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 33, + "fields": { + "created": "2021-11-04T09:01:36.976Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.583Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:36.972Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 34, + "fields": { + "created": "2021-11-04T09:01:37.211Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.145Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 35, + "fields": { + "created": "2021-11-04T09:01:37.495Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 36, + "fields": { + "created": "2021-11-04T09:01:37.702Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.138Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 37, + "fields": { + "created": "2021-11-04T09:01:37.894Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.165Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 38, + "fields": { + "created": "2021-11-04T09:01:38.083Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.328Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.079Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 39, + "fields": { + "created": "2021-11-04T09:01:38.281Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.306Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.277Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 40, + "fields": { + "created": "2021-11-04T09:01:38.499Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.989Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.495Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 41, + "fields": { + "created": "2021-11-04T09:01:38.694Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.038Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.690Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 42, + "fields": { + "created": "2021-11-04T09:01:38.895Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 43, + "fields": { + "created": "2021-11-04T09:01:39.107Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.727Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.102Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 44, + "fields": { + "created": "2021-11-04T09:01:39.298Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.686Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.295Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 45, + "fields": { + "created": "2021-11-04T09:01:39.448Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:39.444Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 46, + "fields": { + "created": "2021-11-04T09:01:39.616Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.443Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.613Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 47, + "fields": { + "created": "2021-11-04T09:01:39.814Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.551Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.809Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 48, + "fields": { + "created": "2021-11-04T09:01:40.005Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.964Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.001Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 49, + "fields": { + "created": "2021-11-04T09:01:40.176Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.605Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.173Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 50, + "fields": { + "created": "2021-11-04T09:01:40.355Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 51, + "fields": { + "created": "2021-11-04T09:01:40.539Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.724Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:40.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 52, + "fields": { + "created": "2021-11-04T09:01:40.715Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.598Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.710Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 53, + "fields": { + "created": "2021-11-04T09:01:40.869Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.582Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.865Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 54, + "fields": { + "created": "2021-11-04T09:01:41.022Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.271Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.019Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 55, + "fields": { + "created": "2021-11-04T09:01:41.178Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.820Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.175Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 56, + "fields": { + "created": "2021-11-04T09:01:41.335Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.516Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.332Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 57, + "fields": { + "created": "2021-11-04T09:01:41.494Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.970Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 58, + "fields": { + "created": "2021-11-04T09:01:41.669Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.505Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:41.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 59, + "fields": { + "created": "2021-11-04T09:01:41.820Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.084Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.817Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 60, + "fields": { + "created": "2021-11-04T09:01:41.972Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.970Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 61, + "fields": { + "created": "2021-11-04T09:01:42.130Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.376Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 62, + "fields": { + "created": "2021-11-04T09:01:42.302Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.836Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.298Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 63, + "fields": { + "created": "2021-11-04T09:01:42.457Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"    \" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.855Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.453Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 64, + "fields": { + "created": "2021-11-04T09:01:42.620Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.552Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.617Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 65, + "fields": { + "created": "2021-11-04T09:01:42.796Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.547Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 66, + "fields": { + "created": "2021-11-04T09:01:42.956Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.025Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.953Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 67, + "fields": { + "created": "2021-11-04T09:01:43.115Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.789Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 68, + "fields": { + "created": "2021-11-04T09:01:43.269Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.881Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.267Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 69, + "fields": { + "created": "2021-11-04T09:01:43.431Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.831Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.428Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 70, + "fields": { + "created": "2021-11-04T09:01:43.595Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.980Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.592Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 71, + "fields": { + "created": "2021-11-04T09:01:43.752Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.521Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.749Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 72, + "fields": { + "created": "2021-11-04T09:01:43.931Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.785Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.927Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 73, + "fields": { + "created": "2021-11-04T09:01:44.091Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.274Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.088Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 74, + "fields": { + "created": "2021-11-04T09:01:44.250Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.247Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 75, + "fields": { + "created": "2021-11-04T09:01:44.408Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"    \" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.518Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 76, + "fields": { + "created": "2021-11-04T09:01:44.599Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.347Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.595Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 77, + "fields": { + "created": "2021-11-04T09:01:44.798Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.680Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.794Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 78, + "fields": { + "created": "2021-11-04T09:01:44.961Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.955Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 79, + "fields": { + "created": "2021-11-04T09:01:45.167Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.239Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.164Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 80, + "fields": { + "created": "2021-11-04T09:01:45.338Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.334Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.335Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 81, + "fields": { + "created": "2021-11-04T09:01:45.495Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.208Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.492Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 82, + "fields": { + "created": "2021-11-04T09:01:45.667Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.664Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 83, + "fields": { + "created": "2021-11-04T09:01:45.809Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.793Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 84, + "fields": { + "created": "2021-11-04T09:01:45.947Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 85, + "fields": { + "created": "2021-11-04T09:01:46.093Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

    \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.595Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.090Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 86, + "fields": { + "created": "2021-11-04T09:01:46.242Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.149Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.239Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 87, + "fields": { + "created": "2021-11-04T09:01:46.417Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.810Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.413Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 88, + "fields": { + "created": "2021-11-04T09:01:46.582Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:46.579Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 89, + "fields": { + "created": "2021-11-04T09:01:46.729Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.118Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.727Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 90, + "fields": { + "created": "2021-11-04T09:01:46.883Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.823Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.880Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 91, + "fields": { + "created": "2021-11-04T09:01:47.032Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.029Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 92, + "fields": { + "created": "2021-11-04T09:01:47.169Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.166Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 93, + "fields": { + "created": "2021-11-04T09:01:47.314Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.478Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.311Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 94, + "fields": { + "created": "2021-11-04T09:01:47.459Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.765Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.456Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 95, + "fields": { + "created": "2021-11-04T09:01:47.615Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.907Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.612Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 96, + "fields": { + "created": "2021-11-04T09:01:47.776Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.439Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 97, + "fields": { + "created": "2021-11-04T09:01:47.932Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.222Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 98, + "fields": { + "created": "2021-11-04T09:01:48.091Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.086Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 99, + "fields": { + "created": "2021-11-04T09:01:48.247Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.685Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.245Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 100, + "fields": { + "created": "2021-11-04T09:01:48.418Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.461Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.415Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 101, + "fields": { + "created": "2021-11-04T09:01:48.575Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.251Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.572Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 102, + "fields": { + "created": "2021-11-04T09:01:48.732Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.939Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:48.730Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 103, + "fields": { + "created": "2021-11-04T09:01:48.890Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.589Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.887Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 104, + "fields": { + "created": "2021-11-04T09:01:49.061Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.107Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.057Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 105, + "fields": { + "created": "2021-11-04T09:01:49.230Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.892Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 106, + "fields": { + "created": "2021-11-04T09:01:49.390Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.168Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.387Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 107, + "fields": { + "created": "2021-11-04T09:01:49.553Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.825Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.551Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 108, + "fields": { + "created": "2021-11-04T09:01:49.698Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.318Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.693Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 109, + "fields": { + "created": "2021-11-04T09:01:49.847Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.072Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.844Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 110, + "fields": { + "created": "2021-11-04T09:01:49.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.897Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:49.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 111, + "fields": { + "created": "2021-11-04T09:01:50.133Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.338Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.130Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 112, + "fields": { + "created": "2021-11-04T09:01:50.272Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.753Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 113, + "fields": { + "created": "2021-11-04T09:01:50.425Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.249Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.422Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 114, + "fields": { + "created": "2021-11-04T09:01:50.583Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.091Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.580Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 115, + "fields": { + "created": "2021-11-04T09:01:50.757Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.561Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.754Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 116, + "fields": { + "created": "2021-11-04T09:01:50.920Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.130Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.913Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 117, + "fields": { + "created": "2021-11-04T09:01:51.100Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.926Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:51.097Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 118, + "fields": { + "created": "2021-11-04T09:01:51.303Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.299Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 119, + "fields": { + "created": "2021-11-04T09:01:51.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.848Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 120, + "fields": { + "created": "2021-11-04T09:01:51.704Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 121, + "fields": { + "created": "2021-11-04T09:01:51.884Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.397Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.881Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 122, + "fields": { + "created": "2021-11-04T09:01:52.056Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.414Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 123, + "fields": { + "created": "2021-11-04T09:01:52.205Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.613Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.202Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 124, + "fields": { + "created": "2021-11-04T09:01:52.350Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.347Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 125, + "fields": { + "created": "2021-11-04T09:01:52.512Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.763Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.508Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 126, + "fields": { + "created": "2021-11-04T09:01:52.665Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.806Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:52.662Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 127, + "fields": { + "created": "2021-11-04T09:01:52.806Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.803Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 128, + "fields": { + "created": "2021-11-04T09:01:52.969Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.196Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.966Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 129, + "fields": { + "created": "2021-11-04T09:01:53.115Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.638Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 130, + "fields": { + "created": "2021-11-04T09:01:53.272Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.011Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 131, + "fields": { + "created": "2021-11-04T09:01:53.428Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:53.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 132, + "fields": { + "created": "2021-11-04T09:01:53.606Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.218Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.603Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 133, + "fields": { + "created": "2021-11-04T09:01:53.772Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 134, + "fields": { + "created": "2021-11-04T09:01:53.918Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.281Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.915Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 135, + "fields": { + "created": "2021-11-04T09:01:54.071Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.473Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.068Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 136, + "fields": { + "created": "2021-11-04T09:01:54.219Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.733Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.216Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 137, + "fields": { + "created": "2021-11-04T09:01:54.406Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.403Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 138, + "fields": { + "created": "2021-11-04T09:01:54.584Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.632Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.581Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 139, + "fields": { + "created": "2021-11-04T09:01:54.769Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.760Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 140, + "fields": { + "created": "2021-11-04T09:03:27.312Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:27.309Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 141, + "fields": { + "created": "2021-11-04T09:03:27.478Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.743Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:27.476Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 142, + "fields": { + "created": "2021-11-04T09:03:27.650Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.647Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 143, + "fields": { + "created": "2021-11-04T09:03:27.832Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.510Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.829Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 144, + "fields": { + "created": "2021-11-04T09:03:27.993Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.315Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.990Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 145, + "fields": { + "created": "2021-11-04T09:03:28.179Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:28.177Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 146, + "fields": { + "created": "2021-11-04T09:03:28.355Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.437Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 147, + "fields": { + "created": "2021-11-04T09:03:28.525Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.359Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.522Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 148, + "fields": { + "created": "2021-11-04T09:03:28.692Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.175Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.689Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 149, + "fields": { + "created": "2021-11-04T09:03:28.867Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.365Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:28.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 150, + "fields": { + "created": "2021-11-04T09:03:29.039Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 151, + "fields": { + "created": "2021-11-04T09:03:29.194Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"    \" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.756Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.190Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 152, + "fields": { + "created": "2021-11-04T09:03:29.361Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.358Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 153, + "fields": { + "created": "2021-11-04T09:03:29.549Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.547Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 154, + "fields": { + "created": "2021-11-04T09:03:29.701Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.411Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 155, + "fields": { + "created": "2021-11-04T09:03:29.850Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.244Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 156, + "fields": { + "created": "2021-11-04T09:03:29.992Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.069Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 157, + "fields": { + "created": "2021-11-04T09:03:30.139Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.270Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.136Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 158, + "fields": { + "created": "2021-11-04T09:03:30.281Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.316Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.279Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 159, + "fields": { + "created": "2021-11-04T09:03:30.451Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.624Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.448Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 160, + "fields": { + "created": "2021-11-04T09:03:30.598Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.593Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.594Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 161, + "fields": { + "created": "2021-11-04T09:03:30.754Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.557Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 162, + "fields": { + "created": "2021-11-04T09:03:30.913Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.910Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 163, + "fields": { + "created": "2021-11-04T09:03:31.075Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.073Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 164, + "fields": { + "created": "2021-11-04T09:03:31.228Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.993Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 165, + "fields": { + "created": "2021-11-04T09:03:31.382Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.379Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 166, + "fields": { + "created": "2021-11-04T09:03:31.524Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.160Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.520Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 167, + "fields": { + "created": "2021-11-04T09:03:31.675Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.672Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 168, + "fields": { + "created": "2021-11-04T09:03:31.824Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.153Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.821Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 169, + "fields": { + "created": "2021-11-04T09:03:31.976Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.181Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.973Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 170, + "fields": { + "created": "2021-11-04T09:03:32.130Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.313Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 171, + "fields": { + "created": "2021-11-04T09:03:32.275Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.291Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.272Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 172, + "fields": { + "created": "2021-11-04T09:03:32.427Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.006Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 173, + "fields": { + "created": "2021-11-04T09:03:32.579Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.022Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.576Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 174, + "fields": { + "created": "2021-11-04T09:03:32.750Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.746Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 175, + "fields": { + "created": "2021-11-04T09:03:32.910Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.711Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.906Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 176, + "fields": { + "created": "2021-11-04T09:03:33.073Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.071Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 177, + "fields": { + "created": "2021-11-04T09:03:33.230Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.644Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:33.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 178, + "fields": { + "created": "2021-11-04T09:03:33.396Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.427Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.392Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 179, + "fields": { + "created": "2021-11-04T09:03:33.589Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.535Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:33.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 180, + "fields": { + "created": "2021-11-04T09:03:33.758Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.948Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 181, + "fields": { + "created": "2021-11-04T09:03:33.921Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.917Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 182, + "fields": { + "created": "2021-11-04T09:03:34.101Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.974Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.096Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 183, + "fields": { + "created": "2021-11-04T09:03:34.261Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.741Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:34.258Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 184, + "fields": { + "created": "2021-11-04T09:03:34.457Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.615Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.454Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 185, + "fields": { + "created": "2021-11-04T09:03:34.632Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.597Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:34.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 186, + "fields": { + "created": "2021-11-04T09:03:34.811Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.807Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 187, + "fields": { + "created": "2021-11-04T09:03:34.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.804Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 188, + "fields": { + "created": "2021-11-04T09:03:35.146Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.143Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 189, + "fields": { + "created": "2021-11-04T09:03:35.308Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.955Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 190, + "fields": { + "created": "2021-11-04T09:03:35.488Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.489Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:35.484Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 191, + "fields": { + "created": "2021-11-04T09:03:35.655Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.099Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.652Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 192, + "fields": { + "created": "2021-11-04T09:03:35.814Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.515Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 193, + "fields": { + "created": "2021-11-04T09:03:35.984Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.361Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.980Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 194, + "fields": { + "created": "2021-11-04T09:03:36.152Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.851Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:36.148Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 195, + "fields": { + "created": "2021-11-04T09:03:36.364Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"    \" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.870Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.359Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 196, + "fields": { + "created": "2021-11-04T09:03:36.557Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.552Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 197, + "fields": { + "created": "2021-11-04T09:03:36.760Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.563Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.756Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 198, + "fields": { + "created": "2021-11-04T09:03:36.944Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.009Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.938Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 199, + "fields": { + "created": "2021-11-04T09:03:37.131Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.773Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 200, + "fields": { + "created": "2021-11-04T09:03:37.335Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.866Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.333Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 201, + "fields": { + "created": "2021-11-04T09:03:37.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.815Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 202, + "fields": { + "created": "2021-11-04T09:03:37.704Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.995Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.701Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 203, + "fields": { + "created": "2021-11-04T09:03:37.904Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.536Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 204, + "fields": { + "created": "2021-11-04T09:03:38.097Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.769Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.093Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 205, + "fields": { + "created": "2021-11-04T09:03:38.273Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.260Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 206, + "fields": { + "created": "2021-11-04T09:03:38.494Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.655Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 207, + "fields": { + "created": "2021-11-04T09:03:38.726Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"    \" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.501Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.720Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 208, + "fields": { + "created": "2021-11-04T09:03:38.922Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.363Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.918Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 209, + "fields": { + "created": "2021-11-04T09:03:39.098Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.695Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.095Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 210, + "fields": { + "created": "2021-11-04T09:03:39.259Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.234Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.256Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 211, + "fields": { + "created": "2021-11-04T09:03:39.465Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.461Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 212, + "fields": { + "created": "2021-11-04T09:03:39.630Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.350Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 213, + "fields": { + "created": "2021-11-04T09:03:39.787Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.224Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.784Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 214, + "fields": { + "created": "2021-11-04T09:03:39.936Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 215, + "fields": { + "created": "2021-11-04T09:03:40.133Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.809Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.129Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 216, + "fields": { + "created": "2021-11-04T09:03:40.291Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.288Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 217, + "fields": { + "created": "2021-11-04T09:03:40.455Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

    \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.578Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:40.452Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 218, + "fields": { + "created": "2021-11-04T09:03:40.624Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.134Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.621Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 219, + "fields": { + "created": "2021-11-04T09:03:40.780Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.795Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 220, + "fields": { + "created": "2021-11-04T09:03:40.990Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.732Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.984Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 221, + "fields": { + "created": "2021-11-04T09:03:41.162Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.103Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.158Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 222, + "fields": { + "created": "2021-11-04T09:03:41.406Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.839Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:41.402Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 223, + "fields": { + "created": "2021-11-04T09:03:41.600Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.596Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 224, + "fields": { + "created": "2021-11-04T09:03:41.772Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.345Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 225, + "fields": { + "created": "2021-11-04T09:03:41.947Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.493Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 226, + "fields": { + "created": "2021-11-04T09:03:42.129Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.780Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.126Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 227, + "fields": { + "created": "2021-11-04T09:03:42.301Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.296Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 228, + "fields": { + "created": "2021-11-04T09:03:42.482Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.455Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.479Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 229, + "fields": { + "created": "2021-11-04T09:03:42.670Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.204Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 230, + "fields": { + "created": "2021-11-04T09:03:42.875Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.469Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.855Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 231, + "fields": { + "created": "2021-11-04T09:03:43.252Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.249Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 232, + "fields": { + "created": "2021-11-04T09:03:43.521Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.445Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:43.516Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 233, + "fields": { + "created": "2021-11-04T09:03:43.816Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 234, + "fields": { + "created": "2021-11-04T09:03:44.090Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:44.082Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 235, + "fields": { + "created": "2021-11-04T09:03:44.309Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.573Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 236, + "fields": { + "created": "2021-11-04T09:03:44.506Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.123Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.500Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 237, + "fields": { + "created": "2021-11-04T09:03:44.703Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.876Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 238, + "fields": { + "created": "2021-11-04T09:03:44.936Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.185Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.930Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 239, + "fields": { + "created": "2021-11-04T09:03:45.150Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 240, + "fields": { + "created": "2021-11-04T09:03:45.387Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.302Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.382Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 241, + "fields": { + "created": "2021-11-04T09:03:45.588Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.087Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 242, + "fields": { + "created": "2021-11-04T09:03:45.816Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.911Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 243, + "fields": { + "created": "2021-11-04T09:03:46.040Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.322Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.034Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 244, + "fields": { + "created": "2021-11-04T09:03:46.325Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.738Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.316Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 245, + "fields": { + "created": "2021-11-04T09:03:46.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.201Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.567Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 246, + "fields": { + "created": "2021-11-04T09:03:46.801Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.074Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 247, + "fields": { + "created": "2021-11-04T09:03:47.007Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.546Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 248, + "fields": { + "created": "2021-11-04T09:03:47.229Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.115Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 249, + "fields": { + "created": "2021-11-04T09:03:47.445Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.942Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.440Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 250, + "fields": { + "created": "2021-11-04T09:03:47.662Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.938Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.659Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 251, + "fields": { + "created": "2021-11-04T09:03:47.867Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.862Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 252, + "fields": { + "created": "2021-11-04T09:03:48.018Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.722Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.015Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 253, + "fields": { + "created": "2021-11-04T09:03:48.175Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.171Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 254, + "fields": { + "created": "2021-11-04T09:03:48.382Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.429Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.378Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 255, + "fields": { + "created": "2021-11-04T09:03:48.563Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.560Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 256, + "fields": { + "created": "2021-11-04T09:03:48.761Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 257, + "fields": { + "created": "2021-11-04T09:03:48.957Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.748Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:48.954Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 258, + "fields": { + "created": "2021-11-04T09:03:49.162Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.788Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:49.157Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 259, + "fields": { + "created": "2021-11-04T09:03:49.539Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:49.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 260, + "fields": { + "created": "2021-11-04T09:03:49.721Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.211Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.716Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 261, + "fields": { + "created": "2021-11-04T09:03:49.927Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.654Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.923Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 262, + "fields": { + "created": "2021-11-04T09:03:50.136Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.026Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.131Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 263, + "fields": { + "created": "2021-11-04T09:03:50.351Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.887Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:50.345Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 264, + "fields": { + "created": "2021-11-04T09:03:50.575Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.282Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.571Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 265, + "fields": { + "created": "2021-11-04T09:03:50.779Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.240Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 266, + "fields": { + "created": "2021-11-04T09:03:50.992Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.988Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 267, + "fields": { + "created": "2021-11-04T09:03:51.212Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.458Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 268, + "fields": { + "created": "2021-11-04T09:03:51.383Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.749Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.380Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 269, + "fields": { + "created": "2021-11-04T09:03:51.544Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.824Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.541Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 270, + "fields": { + "created": "2021-11-04T09:03:51.721Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.648Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.719Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 271, + "fields": { + "created": "2021-11-04T09:03:51.877Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.872Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 272, + "fields": { + "created": "2021-11-04T09:03:52.049Z", + "updated": null, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.664Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.046Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 273, + "fields": { + "created": "2021-11-04T09:03:52.209Z", + "updated": null, + "title": "Improper Resource Access Authorization (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.800Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.205Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099", + "line": 12, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 274, + "fields": { + "created": "2021-11-04T09:03:52.388Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.609Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 275, + "fields": { + "created": "2021-11-04T09:03:52.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.568Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b", + "line": 29, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 276, + "fields": { + "created": "2021-11-04T09:03:52.771Z", + "updated": null, + "title": "Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:52.766Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 277, + "fields": { + "created": "2021-11-04T09:03:52.938Z", + "updated": null, + "title": "Use of Insufficiently Random Values (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.778Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 278, + "fields": { + "created": "2021-11-04T09:03:53.124Z", + "updated": null, + "title": "SQL Injection (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.612Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:53.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 279, + "fields": { + "created": "2021-11-04T09:36:25.003Z", + "updated": null, + "title": "Test", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "No url given", + "severity": "Info", + "description": "asdf", + "mitigation": "adf", + "fix_available": null, + "fix_version": null, + "impact": "asdf", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "No references given", + "test": 19, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 3 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 280, + "fields": { + "created": "2021-11-05T06:44:35.863Z", + "updated": null, + "title": "Notepad++.exe | CVE-2007-2666", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.440Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:35.859Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 17 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 281, + "fields": { + "created": "2021-11-05T06:44:36.140Z", + "updated": null, + "title": "Notepad++.exe | CVE-2008-3436", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.456Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:36.137Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 17 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 282, + "fields": { + "created": "2021-11-05T06:46:06.484Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.352Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:06.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 283, + "fields": { + "created": "2021-11-05T06:46:06.676Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.001Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:06.674Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 284, + "fields": { + "created": "2021-11-05T06:46:06.857Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.127Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:06.854Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 285, + "fields": { + "created": "2021-11-05T06:46:07.054Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.513Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 286, + "fields": { + "created": "2021-11-05T06:46:07.234Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.481Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.231Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 287, + "fields": { + "created": "2021-11-05T06:46:07.429Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.467Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.426Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 288, + "fields": { + "created": "2021-11-05T06:46:07.619Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.986Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:07.616Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 289, + "fields": { + "created": "2021-11-05T06:46:07.818Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.815Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 290, + "fields": { + "created": "2021-11-05T06:46:08.024Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.438Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.021Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 291, + "fields": { + "created": "2021-11-05T06:46:08.214Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.212Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 292, + "fields": { + "created": "2021-11-05T06:46:08.407Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.157Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 293, + "fields": { + "created": "2021-11-05T06:46:08.576Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.408Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.574Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 294, + "fields": { + "created": "2021-11-05T06:46:08.774Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.395Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.770Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 295, + "fields": { + "created": "2021-11-05T06:46:08.994Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.142Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.991Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 296, + "fields": { + "created": "2021-11-05T06:46:09.157Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.528Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.155Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 297, + "fields": { + "created": "2021-11-05T06:46:09.337Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.496Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.334Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 298, + "fields": { + "created": "2021-11-05T06:46:09.514Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.381Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.511Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 299, + "fields": { + "created": "2021-11-05T06:46:09.700Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.366Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.697Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 300, + "fields": { + "created": "2021-11-05T06:47:17.890Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.095Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 301, + "fields": { + "created": "2021-11-05T06:47:18.169Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.606Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 302, + "fields": { + "created": "2021-11-05T06:47:18.645Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 303, + "fields": { + "created": "2021-11-05T06:47:18.860Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.173Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 304, + "fields": { + "created": "2021-11-05T06:47:19.072Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.078Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 305, + "fields": { + "created": "2021-11-05T06:47:19.278Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.590Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 306, + "fields": { + "created": "2021-11-05T06:47:19.559Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.543Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 307, + "fields": { + "created": "2021-11-05T06:47:19.783Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 308, + "fields": { + "created": "2021-11-05T06:47:20.049Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.639Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 309, + "fields": { + "created": "2021-11-05T06:47:20.461Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.346Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 310, + "fields": { + "created": "2021-11-05T07:07:18.067Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.187Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.064Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 311, + "fields": { + "created": "2021-11-05T07:07:18.320Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.219Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.317Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 312, + "fields": { + "created": "2021-11-05T07:07:18.592Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.981Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.590Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 313, + "fields": { + "created": "2021-11-05T07:07:18.815Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.951Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.813Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 314, + "fields": { + "created": "2021-11-05T07:07:19.003Z", + "updated": null, + "title": "SQL String Formatting-G201", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.094Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/sqli/function.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 315, + "fields": { + "created": "2021-11-05T07:07:19.202Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.017Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.199Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 316, + "fields": { + "created": "2021-11-05T07:07:19.412Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.997Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.409Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 317, + "fields": { + "created": "2021-11-05T07:07:19.621Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.935Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.618Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 318, + "fields": { + "created": "2021-11-05T07:07:19.850Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.140Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 319, + "fields": { + "created": "2021-11-05T07:07:20.057Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.124Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:20.054Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 320, + "fields": { + "created": "2021-11-05T07:07:20.248Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.966Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.246Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 321, + "fields": { + "created": "2021-11-05T07:07:20.441Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.438Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 322, + "fields": { + "created": "2021-11-05T07:07:20.634Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.631Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 323, + "fields": { + "created": "2021-11-05T07:07:20.811Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.808Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95", + "line": null, + "file_path": "/vagrant/go/src/govwa/app.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 324, + "fields": { + "created": "2021-11-05T07:07:21.004Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.236Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 325, + "fields": { + "created": "2021-11-05T07:07:21.191Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.203Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.189Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 326, + "fields": { + "created": "2021-11-05T07:07:21.369Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.366Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 327, + "fields": { + "created": "2021-11-05T07:07:21.561Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.559Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 328, + "fields": { + "created": "2021-11-05T07:07:21.744Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.109Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.741Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 329, + "fields": { + "created": "2021-11-05T07:07:21.930Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.032Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 330, + "fields": { + "created": "2021-11-05T07:07:22.124Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 331, + "fields": { + "created": "2021-11-05T07:07:22.308Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.014Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.306Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/cookie.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 332, + "fields": { + "created": "2021-11-05T07:07:22.551Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.548Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 333, + "fields": { + "created": "2021-11-05T07:07:22.773Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.156Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.771Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 334, + "fields": { + "created": "2021-11-05T07:07:22.989Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.081Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.986Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 335, + "fields": { + "created": "2021-11-05T07:07:23.204Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.065Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.200Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 336, + "fields": { + "created": "2021-11-05T07:07:23.489Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.030Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.486Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 337, + "fields": { + "created": "2021-11-05T07:07:23.721Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.172Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:23.717Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 338, + "fields": { + "created": "2021-11-05T10:43:05.946Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.111Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:05.943Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 339, + "fields": { + "created": "2021-11-05T10:43:06.237Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:06.233Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 340, + "fields": { + "created": "2021-11-05T10:43:06.742Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:06.738Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 341, + "fields": { + "created": "2021-11-05T10:43:07.038Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.189Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:07.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 342, + "fields": { + "created": "2021-11-05T10:43:07.297Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.063Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T10:43:07.294Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 343, + "fields": { + "created": "2021-11-05T10:43:07.547Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.575Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.545Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 344, + "fields": { + "created": "2021-11-05T10:43:07.888Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.559Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.885Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 345, + "fields": { + "created": "2021-11-05T10:43:08.144Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.406Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.140Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 346, + "fields": { + "created": "2021-11-05T10:43:08.440Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:08.437Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 347, + "fields": { + "created": "2021-11-05T10:43:08.906Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.360Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 2, + "fields": { + "title": "test stub finding 1", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 3, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 3, + "fields": { + "title": "test stub finding 2", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 14, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 4, + "fields": { + "title": "test stub finding 3", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 13, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.finding_template", + "pk": 1, + "fields": { + "title": "XSS template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "XSS test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null, + "tags": [] + } +}, +{ + "model": "dojo.finding_template", + "pk": 2, + "fields": { + "title": "SQLi template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "SQLi test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null, + "tags": [] + } +}, +{ + "model": "dojo.finding_template", + "pk": 3, + "fields": { + "title": "CSRF template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "MEDIUM", + "description": "CSRF test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null, + "tags": [] + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 1, + "fields": { + "finding": 300, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 2, + "fields": { + "finding": 300, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 3, + "fields": { + "finding": 300, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 4, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 5, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 6, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 7, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 8, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 9, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 10, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 11, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 12, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 13, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 14, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 15, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 16, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 17, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 18, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 19, + "fields": { + "finding": 302, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiWGxtTVRNMlBITmpjbWx3ZEQ1aGJHVnlkQ2d4S1R3bE1tWnpZM0pwY0hRK2FteGxaSFVtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nWWw5cFpEME5Da052Ym5SbGJuUXRWSGx3WlRvZ2RHVjRkQzlvZEcxc08yTm9ZWEp6WlhROVNWTlBMVGc0TlRrdE1RMEtRMjl1ZEdWdWRDMU1aVzVuZEdnNklESXdORGtOQ2tSaGRHVTZJRk5oZEN3Z01qY2dRWFZuSURJd01UWWdNREk2TVRJNk1UVWdSMDFVRFFwRGIyNXVaV04wYVc5dU9pQmpiRzl6WlEwS0RRb0tDZ29LQ2dvS0NnbzhJVVJQUTFSWlVFVWdTRlJOVENCUVZVSk1TVU1nSWkwdkwxY3pReTh2UkZSRUlFaFVUVXdnTXk0eUx5OUZUaUkrQ2p4b2RHMXNQZ284YUdWaFpENEtQSFJwZEd4bFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOTBhWFJzWlQ0S1BHeHBibXNnYUhKbFpqMGljM1I1YkdVdVkzTnpJaUJ5Wld3OUluTjBlV3hsYzJobFpYUWlJSFI1Y0dVOUluUmxlSFF2WTNOeklpQXZQZ284YzJOeWFYQjBJSFI1Y0dVOUluUmxlSFF2YW1GMllYTmpjbWx3ZENJZ2MzSmpQU0l1TDJwekwzVjBhV3d1YW5NaVBqd3ZjMk55YVhCMFBnbzhMMmhsWVdRK0NqeGliMlI1UGdvS1BHTmxiblJsY2o0S1BIUmhZbXhsSUhkcFpIUm9QU0k0TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4SU1UNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZTREUrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005WENKdWIySnZjbVJsY2x3aVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSTBNQ1VpUGxkbElHSnZaR2RsSUdsMExDQnpieUI1YjNVZ1pHOXVkQ0JvWVhabElIUnZJVHd2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRDRLVlhObGNqb2dQR0VnYUhKbFpqMGljR0Z6YzNkdmNtUXVhbk53SWo1MFpYTjBRSFJsYzNRdVkyOXRlV1l4TXpZOGMyTnlhWEIwUG1Gc1pYSjBLREVwUEM5elkzSnBjSFErYW14bFpIVThMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 20, + "fields": { + "finding": 302, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQS9jVDAxTlRVdE5UVTFMVEF4T1RsQVpYaGhiWEJzWlM1amIyMXJPR1owYnp4elkzSnBjSFErWVd4bGNuUW9NU2s4SlRKbWMyTnlhWEIwUG01M2VETnNJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qRXdOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhZajVaYjNVZ2MyVmhjbU5vWldRZ1ptOXlPand2WWo0Z05UVTFMVFUxTlMwd01UazVRR1Y0WVcxd2JHVXVZMjl0YXpobWRHODhjMk55YVhCMFBtRnNaWEowS0RFcFBDOXpZM0pwY0hRK2JuZDRNMnc4WW5JdlBqeGljaTgrQ2p4a2FYWStQR0krVG04Z1VtVnpkV3gwY3lCR2IzVnVaRHd2WWo0OEwyUnBkajRLQ2p3dlptOXVkRDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 21, + "fields": { + "finding": 304, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 22, + "fields": { + "finding": 305, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkQ1UwTUhSbGMzUXVZMjl0Sm5CaGMzTjNiM0prTVQxMFpYTjBNVEl6Sm5CaGMzTjNiM0prTWoxMFpYTjBNVEl6", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qQXhOQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1RveU5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5SbGMzUkFkR1Z6ZEM1amIyMDhMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 23, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 24, + "fields": { + "finding": 305, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTWpBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5RFFvTkNuVndaR0YwWlQxVmNHUmhkR1VyUW1GemEyVjA=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016TXlNQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4d0lITjBlV3hsUFNKamIyeHZjanBuY21WbGJpSStXVzkxY2lCaVlYTnJaWFFnYUdGa0lHSmxaVzRnZFhCa1lYUmxaQzQ4TDNBK1BHSnlMejRLUEdadmNtMGdZV04wYVc5dVBTSmlZWE5yWlhRdWFuTndJaUJ0WlhSb2IyUTlJbkJ2YzNRaVBnbzhkR0ZpYkdVZ1ltOXlaR1Z5UFNJeElpQmpiR0Z6Y3owaVltOXlaR1Z5SWlCM2FXUjBhRDBpT0RBbElqNEtQSFJ5UGp4MGFENVFjbTlrZFdOMFBDOTBhRDQ4ZEdnK1VYVmhiblJwZEhrOEwzUm9QangwYUQ1UWNtbGpaVHd2ZEdnK1BIUm9QbFJ2ZEdGc1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVGdpUGxkb1lYUnphWFFnZDJWcFoyZzhMMkUrUEM5MFpENEtQSFJrSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCalpXNTBaWElpUGladVluTndPenhoSUdoeVpXWTlJaU1pSUc5dVkyeHBZMnM5SW1SbFkxRjFZVzUwYVhSNUtERTRLVHNpUGp4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRNd0xuQnVaeUlnWVd4MFBTSkVaV055WldGelpTQnhkV0Z1ZEdsMGVTQnBiaUJpWVhOclpYUWlJR0p2Y21SbGNqMGlNQ0krUEM5aFBpWnVZbk53T3p4cGJuQjFkQ0JwWkQwaWNYVmhiblJwZEhsZk1UZ2lJRzVoYldVOUluRjFZVzUwYVhSNVh6RTRJaUIyWVd4MVpUMGlNU0lnYldGNGJHVnVaM1JvUFNJeUlpQnphWHBsSUQwZ0lqSWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdVa1ZCUkU5T1RGa2dMejRtYm1KemNEczhZU0JvY21WbVBTSWpJaUJ2Ym1Oc2FXTnJQU0pwYm1OUmRXRnVkR2wwZVNneE9DazdJajQ4YVcxbklITnlZejBpYVcxaFoyVnpMekV5T1M1d2JtY2lJR0ZzZEQwaVNXNWpjbVZoYzJVZ2NYVmhiblJwZEhrZ2FXNGdZbUZ6YTJWMElpQmliM0prWlhJOUlqQWlQand2WVQ0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQxTUR3dmRHUStDand2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStQSFJrUGxSdmRHRnNQQzkwWkQ0OGRHUWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJR05sYm5SbGNpSStQR2x1Y0hWMElHbGtQU0oxY0dSaGRHVWlJRzVoYldVOUluVndaR0YwWlNJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlWWEJrWVhSbElFSmhjMnRsZENJdlBqd3ZkR1ErUEhSa1BpWnVZbk53T3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQand2ZEhJK0Nqd3ZkR0ZpYkdVK0NnbzhMMlp2Y20wK0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 25, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 26, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 27, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 28, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 29, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXpOUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpvd09TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5WelpYSXhRSFJvWldKdlpHZGxhWFJ6ZEc5eVpTNWpiMjA4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1U1pXZHBjM1JsY2p3dmFETStDZ29LVUd4bFlYTmxJR1Z1ZEdWeUlIUm9aU0JtYjJ4c2IzZHBibWNnWkdWMFlXbHNjeUIwYnlCeVpXZHBjM1JsY2lCM2FYUm9JSFZ6T2lBOFluSXZQanhpY2k4K0NqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStDZ2s4WTJWdWRHVnlQZ29KUEhSaFlteGxQZ29KUEhSeVBnb0pDVHgwWkQ1VmMyVnlibUZ0WlNBb2VXOTFjaUJsYldGcGJDQmhaR1J5WlhOektUbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5WelpYSnVZVzFsSWlCdVlXMWxQU0oxYzJWeWJtRnRaU0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRFaUlHNWhiV1U5SW5CaGMzTjNiM0prTVNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQa052Ym1acGNtMGdVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRJaUlHNWhiV1U5SW5CaGMzTjNiM0prTWlJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWMzVmliV2wwSWlCMGVYQmxQU0p6ZFdKdGFYUWlJSFpoYkhWbFBTSlNaV2RwYzNSbGNpSStQQzlwYm5CMWRENDhMM1JrUGdvSlBDOTBjajRLQ1R3dmRHRmliR1UrQ2drOEwyTmxiblJsY2o0S1BDOW1iM0p0UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 30, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 31, + "fields": { + "finding": 306, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 32, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTlRBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxMWRHWXRPQTBLUTI5dWRHVnVkQzFNWVc1bmRXRm5aVG9nWlc0TkNrTnZiblJsYm5RdFRHVnVaM1JvT2lBME1EZzBEUXBFWVhSbE9pQlRZWFFzSURJM0lFRjFaeUF5TURFMklEQXlPakV4T2pRMElFZE5WQTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2cwS1BDRkVUME5VV1ZCRklHaDBiV3crUEdoMGJXdytQR2hsWVdRK1BIUnBkR3hsUGtGd1lXTm9aU0JVYjIxallYUXZPUzR3TGpBdVRUUWdMU0JGY25KdmNpQnlaWEJ2Y25ROEwzUnBkR3hsUGp4emRIbHNaU0IwZVhCbFBTSjBaWGgwTDJOemN5SStTREVnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0bWIyNTBMWE5wZW1VNk1qSndlRHQ5SUVneUlIdG1iMjUwTFdaaGJXbHNlVHBVWVdodmJXRXNRWEpwWVd3c2MyRnVjeTF6WlhKcFpqdGpiMnh2Y2pwM2FHbDBaVHRpWVdOclozSnZkVzVrTFdOdmJHOXlPaU0xTWpWRU56WTdabTl1ZEMxemFYcGxPakUyY0hnN2ZTQklNeUI3Wm05dWRDMW1ZVzFwYkhrNlZHRm9iMjFoTEVGeWFXRnNMSE5oYm5NdGMyVnlhV1k3WTI5c2IzSTZkMmhwZEdVN1ltRmphMmR5YjNWdVpDMWpiMnh2Y2pvak5USTFSRGMyTzJadmJuUXRjMmw2WlRveE5IQjRPMzBnUWs5RVdTQjdabTl1ZEMxbVlXMXBiSGs2VkdGb2IyMWhMRUZ5YVdGc0xITmhibk10YzJWeWFXWTdZMjlzYjNJNllteGhZMnM3WW1GamEyZHliM1Z1WkMxamIyeHZjanAzYUdsMFpUdDlJRUlnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0OUlGQWdlMlp2Ym5RdFptRnRhV3g1T2xSaGFHOXRZU3hCY21saGJDeHpZVzV6TFhObGNtbG1PMkpoWTJ0bmNtOTFibVE2ZDJocGRHVTdZMjlzYjNJNllteGhZMnM3Wm05dWRDMXphWHBsT2pFeWNIZzdmVUVnZTJOdmJHOXlJRG9nWW14aFkyczdmVUV1Ym1GdFpTQjdZMjlzYjNJZ09pQmliR0ZqYXp0OUxteHBibVVnZTJobGFXZG9kRG9nTVhCNE95QmlZV05yWjNKdmRXNWtMV052Ykc5eU9pQWpOVEkxUkRjMk95QmliM0prWlhJNklHNXZibVU3ZlR3dmMzUjViR1UrSUR3dmFHVmhaRDQ4WW05a2VUNDhhREUrU0ZSVVVDQlRkR0YwZFhNZ05UQXdJQzBnUVc0Z1pYaGpaWEIwYVc5dUlHOWpZM1Z5Y21Wa0lIQnliMk5sYzNOcGJtY2dTbE5RSUhCaFoyVWdMMkpoYzJ0bGRDNXFjM0FnWVhRZ2JHbHVaU0F5TkRROEwyZ3hQanhrYVhZZ1kyeGhjM005SW14cGJtVWlQand2WkdsMlBqeHdQanhpUG5SNWNHVThMMkkrSUVWNFkyVndkR2x2YmlCeVpYQnZjblE4TDNBK1BIQStQR0krYldWemMyRm5aVHd2WWo0Z1BIVStRVzRnWlhoalpYQjBhVzl1SUc5alkzVnljbVZrSUhCeWIyTmxjM05wYm1jZ1NsTlFJSEJoWjJVZ0wySmhjMnRsZEM1cWMzQWdZWFFnYkdsdVpTQXlORFE4TDNVK1BDOXdQanh3UGp4aVBtUmxjMk55YVhCMGFXOXVQQzlpUGlBOGRUNVVhR1VnYzJWeWRtVnlJR1Z1WTI5MWJuUmxjbVZrSUdGdUlHbHVkR1Z5Ym1Gc0lHVnljbTl5SUhSb1lYUWdjSEpsZG1WdWRHVmtJR2wwSUdaeWIyMGdablZzWm1sc2JHbHVaeUIwYUdseklISmxjWFZsYzNRdVBDOTFQand2Y0Q0OGNENDhZajVsZUdObGNIUnBiMjQ4TDJJK1BDOXdQanh3Y21VK2IzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdVNtRnpjR1Z5UlhoalpYQjBhVzl1T2lCQmJpQmxlR05sY0hScGIyNGdiMk5qZFhKeVpXUWdjSEp2WTJWemMybHVaeUJLVTFBZ2NHRm5aU0F2WW1GemEyVjBMbXB6Y0NCaGRDQnNhVzVsSURJME5Bb0tNalF4T2lBSkNRa0pDWE4wYlhRdVpYaGxZM1YwWlNncE93b3lOREk2SUFrSkNRa0pjM1J0ZEM1amJHOXpaU2dwT3drSkNRa0pDUW95TkRNNklBa0pDUWw5SUdWc2MyVWdld295TkRRNklBa0pDUWtKYzNSdGRDQTlJR052Ym00dWNISmxjR0Z5WlZOMFlYUmxiV1Z1ZENnbWNYVnZkRHRWVUVSQlZFVWdRbUZ6YTJWMFEyOXVkR1Z1ZEhNZ1UwVlVJSEYxWVc1MGFYUjVJRDBnSm5GMWIzUTdJQ3NnU1c1MFpXZGxjaTV3WVhKelpVbHVkQ2gyWVd4MVpTa2dLeUFtY1hWdmREc2dWMGhGVWtVZ1ltRnphMlYwYVdROUpuRjFiM1E3SUNzZ1ltRnphMlYwU1dRZ0t3b3lORFU2SUFrSkNRa0pDUWttY1hWdmREc2dRVTVFSUhCeWIyUjFZM1JwWkNBOUlDWnhkVzkwT3lBcklIQnliMlJKWkNrN0NqSTBOam9nQ1FrSkNRbHpkRzEwTG1WNFpXTjFkR1VvS1RzS01qUTNPaUFKQ1FrSkNXbG1JQ2hKYm5SbFoyVnlMbkJoY25ObFNXNTBLSFpoYkhWbEtTQW1iSFE3SURBcElIc0tDZ3BUZEdGamEzUnlZV05sT2dvSmIzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdWMyVnlkbXhsZEM1S2MzQlRaWEoyYkdWMFYzSmhjSEJsY2k1b1lXNWtiR1ZLYzNCRmVHTmxjSFJwYjI0b1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8xT0RNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTmpZcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2NtOXZkQ0JqWVhWelpUd3ZZajQ4TDNBK1BIQnlaVDVxWVhaaGVDNXpaWEoyYkdWMExsTmxjblpzWlhSRmVHTmxjSFJwYjI0NklHcGhkbUV1YzNGc0xsTlJURVY0WTJWd2RHbHZiam9nVlc1bGVIQmxZM1JsWkNCbGJtUWdiMllnWTI5dGJXRnVaQ0JwYmlCemRHRjBaVzFsYm5RZ1cxVlFSRUZVUlNCQ1lYTnJaWFJEYjI1MFpXNTBjeUJUUlZRZ2NYVmhiblJwZEhrZ1BTQXhJRmRJUlZKRklHSmhjMnRsZEdsa1BUSW5JRUZPUkNCd2NtOWtkV04wYVdRZ1BTQXhPRjBLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1VUdGblpVTnZiblJsZUhSSmJYQnNMbVJ2U0dGdVpHeGxVR0ZuWlVWNFkyVndkR2x2YmloUVlXZGxRMjl1ZEdWNGRFbHRjR3d1YW1GMllUbzVNRGtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1eWRXNTBhVzFsTGxCaFoyVkRiMjUwWlhoMFNXMXdiQzVvWVc1a2JHVlFZV2RsUlhoalpYQjBhVzl1S0ZCaFoyVkRiMjUwWlhoMFNXMXdiQzVxWVhaaE9qZ3pPQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFuTndMbUpoYzJ0bGRGOXFjM0F1WDJwemNGTmxjblpwWTJVb1ltRnphMlYwWDJwemNDNXFZWFpoT2pRME1pa0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbkoxYm5ScGJXVXVTSFIwY0VwemNFSmhjMlV1YzJWeWRtbGpaU2hJZEhSd1NuTndRbUZ6WlM1cVlYWmhPamN3S1FvSmFtRjJZWGd1YzJWeWRteGxkQzVvZEhSd0xraDBkSEJUWlhKMmJHVjBMbk5sY25acFkyVW9TSFIwY0ZObGNuWnNaWFF1YW1GMllUbzNNamtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhSWGNtRndjR1Z5TG5ObGNuWnBZMlVvU25Od1UyVnlkbXhsZEZkeVlYQndaWEl1YW1GMllUbzBORE1wQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhRdWMyVnlkbWxqWlVwemNFWnBiR1VvU25Od1UyVnlkbXhsZEM1cVlYWmhPak00TlNrS0NXOXlaeTVoY0dGamFHVXVhbUZ6Y0dWeUxuTmxjblpzWlhRdVNuTndVMlZ5ZG14bGRDNXpaWEoyYVdObEtFcHpjRk5sY25ac1pYUXVhbUYyWVRvek1qa3BDZ2xxWVhaaGVDNXpaWEoyYkdWMExtaDBkSEF1U0hSMGNGTmxjblpzWlhRdWMyVnlkbWxqWlNoSWRIUndVMlZ5ZG14bGRDNXFZWFpoT2pjeU9Ta0tDVzl5Wnk1aGNHRmphR1V1ZEc5dFkyRjBMbmRsWW5OdlkydGxkQzV6WlhKMlpYSXVWM05HYVd4MFpYSXVaRzlHYVd4MFpYSW9WM05HYVd4MFpYSXVhbUYyWVRvMU15a0tQQzl3Y21VK1BIQStQR0krY205dmRDQmpZWFZ6WlR3dllqNDhMM0ErUEhCeVpUNXFZWFpoTG5OeGJDNVRVVXhGZUdObGNIUnBiMjQ2SUZWdVpYaHdaV04wWldRZ1pXNWtJRzltSUdOdmJXMWhibVFnYVc0Z2MzUmhkR1Z0Wlc1MElGdFZVRVJCVkVVZ1FtRnphMlYwUTI5dWRHVnVkSE1nVTBWVUlIRjFZVzUwYVhSNUlEMGdNU0JYU0VWU1JTQmlZWE5yWlhScFpEMHlKeUJCVGtRZ2NISnZaSFZqZEdsa0lEMGdNVGhkQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11VlhScGJDNTBhSEp2ZDBWeWNtOXlLRlZ1YTI1dmQyNGdVMjkxY21ObEtRb0piM0puTG1oemNXeGtZaTVxWkdKakxtcGtZbU5RY21Wd1lYSmxaRk4wWVhSbGJXVnVkQzRtYkhRN2FXNXBkQ1puZERzb1ZXNXJibTkzYmlCVGIzVnlZMlVwQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11YW1SaVkwTnZibTVsWTNScGIyNHVjSEpsY0dGeVpWTjBZWFJsYldWdWRDaFZibXR1YjNkdUlGTnZkWEpqWlNrS0NXOXlaeTVoY0dGamFHVXVhbk53TG1KaGMydGxkRjlxYzNBdVgycHpjRk5sY25acFkyVW9ZbUZ6YTJWMFgycHpjQzVxWVhaaE9qTTJOQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1U0hSMGNFcHpjRUpoYzJVdWMyVnlkbWxqWlNoSWRIUndTbk53UW1GelpTNXFZWFpoT2pjd0tRb0phbUYyWVhndWMyVnlkbXhsZEM1b2RIUndMa2gwZEhCVFpYSjJiR1YwTG5ObGNuWnBZMlVvU0hSMGNGTmxjblpzWlhRdWFtRjJZVG8zTWprcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTkRNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2JtOTBaVHd2WWo0Z1BIVStWR2hsSUdaMWJHd2djM1JoWTJzZ2RISmhZMlVnYjJZZ2RHaGxJSEp2YjNRZ1kyRjFjMlVnYVhNZ1lYWmhhV3hoWW14bElHbHVJSFJvWlNCQmNHRmphR1VnVkc5dFkyRjBMemt1TUM0d0xrMDBJR3h2WjNNdVBDOTFQand2Y0Q0OGFISWdZMnhoYzNNOUlteHBibVVpUGp4b016NUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5b016NDhMMkp2WkhrK1BDOW9kRzFzUGc9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 33, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKeVoxYzJWeWJtRnRaVDA9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 34, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQU2M9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTVNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZFhObGNqRkFkR2hsWW05a1oyVnBkSE4wYjNKbExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb05Danh3SUhOMGVXeGxQU0pqYjJ4dmNqcHlaV1FpUGxsdmRTQnpkWEJ3YkdsbFpDQmhiaUJwYm5aaGJHbGtJRzVoYldVZ2IzSWdjR0Z6YzNkdmNtUXVQQzl3UGdvTkNqeG9NejVNYjJkcGJqd3ZhRE0rRFFwUWJHVmhjMlVnWlc1MFpYSWdlVzkxY2lCamNtVmtaVzUwYVdGc2N6b2dQR0p5THo0OFluSXZQZzBLUEdadmNtMGdiV1YwYUc5a1BTSlFUMU5VSWo0TkNnazhZMlZ1ZEdWeVBnMEtDVHgwWVdKc1pUNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1VmMyVnlibUZ0WlRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0oxYzJWeWJtRnRaU0lnYm1GdFpUMGlkWE5sY201aGJXVWlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUeDBjajROQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0RRb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluQmhjM04zYjNKa0lpQnVZVzFsUFNKd1lYTnpkMjl5WkNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENE5DZ2s4TDNSeVBnMEtDVHgwY2o0TkNna0pQSFJrUGp3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVEc5bmFXNGlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUd3ZkR0ZpYkdVK0RRb0pQQzlqWlc1MFpYSStEUW84TDJadmNtMCtEUXBKWmlCNWIzVWdaRzl1ZENCb1lYWmxJR0Z1SUdGalkyOTFiblFnZDJsMGFDQjFjeUIwYUdWdUlIQnNaV0Z6WlNBOFlTQm9jbVZtUFNKeVpXZHBjM1JsY2k1cWMzQWlQbEpsWjJsemRHVnlQQzloUGlCdWIzY2dabTl5SUdFZ1puSmxaU0JoWTJOdmRXNTBMZzBLUEdKeUx6NDhZbkl2UGcwS0RRbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2cwS0RRbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 35, + "fields": { + "finding": 307, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiU2NtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTNNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDbE41YzNSbGJTQmxjbkp2Y2k0S0Nnb0tDZ29LUENGRVQwTlVXVkJGSUVoVVRVd2dVRlZDVEVsRElDSXRMeTlYTTBNdkwwUlVSQ0JJVkUxTUlETXVNaTh2UlU0aVBnbzhhSFJ0YkQ0S1BHaGxZV1ErQ2p4MGFYUnNaVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2ZEdsMGJHVStDanhzYVc1cklHaHlaV1k5SW5OMGVXeGxMbU56Y3lJZ2NtVnNQU0p6ZEhsc1pYTm9aV1YwSWlCMGVYQmxQU0owWlhoMEwyTnpjeUlnTHo0S1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlJSE55WXowaUxpOXFjeTkxZEdsc0xtcHpJajQ4TDNOamNtbHdkRDRLUEM5b1pXRmtQZ284WW05a2VUNEtDanhqWlc1MFpYSStDangwWVdKc1pTQjNhV1IwYUQwaU9EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhTREUrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDBneFBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBWd2libTlpYjNKa1pYSmNJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlQaVp1WW5Od096d3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTkRBbElqNVhaU0JpYjJSblpTQnBkQ3dnYzI4Z2VXOTFJR1J2Ym5RZ2FHRjJaU0IwYnlFOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJZ2MzUjViR1U5SW5SbGVIUXRZV3hwWjI0NklISnBaMmgwSWlBK0NsVnpaWEk2SUR4aElHaHlaV1k5SW5CaGMzTjNiM0prTG1wemNDSStkR1Z6ZEVCMFpYTjBMbU52YlhsbU1UTTJQSE5qY21sd2RENWhiR1Z5ZENneEtUd3ZjMk55YVhCMFBtcHNaV1IxUEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1VtVm5hWE4wWlhJOEwyZ3pQZ29LQ2xCc1pXRnpaU0JsYm5SbGNpQjBhR1VnWm05c2JHOTNhVzVuSUdSbGRHRnBiSE1nZEc4Z2NtVm5hWE4wWlhJZ2QybDBhQ0IxY3pvZ1BHSnlMejQ4WW5JdlBnbzhabTl5YlNCdFpYUm9iMlE5SWxCUFUxUWlQZ29KUEdObGJuUmxjajRLQ1R4MFlXSnNaVDRLQ1R4MGNqNEtDUWs4ZEdRK1ZYTmxjbTVoYldVZ0tIbHZkWElnWlcxaGFXd2dZV1JrY21WemN5azZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKMWMyVnlibUZ0WlNJZ2JtRnRaVDBpZFhObGNtNWhiV1VpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReElpQnVZVzFsUFNKd1lYTnpkMjl5WkRFaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDVEYjI1bWFYSnRJRkJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReUlpQnVZVzFsUFNKd1lYTnpkMjl5WkRJaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDQ4TDNSa1Bnb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluTjFZbTFwZENJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlVbVZuYVhOMFpYSWlQand2YVc1d2RYUStQQzkwWkQ0S0NUd3ZkSEkrQ2drOEwzUmhZbXhsUGdvSlBDOWpaVzUwWlhJK0Nqd3ZabTl5YlQ0S0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 36, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 37, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 38, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 39, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 40, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 41, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 42, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 43, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 44, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 45, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 46, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 47, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 48, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 49, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 50, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 51, + "fields": { + "finding": 309, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 52, + "fields": { + "finding": 309, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 53, + "fields": { + "finding": 309, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 54, + "fields": { + "finding": 338, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 55, + "fields": { + "finding": 338, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 56, + "fields": { + "finding": 338, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 57, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 58, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 59, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 60, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 61, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 62, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 63, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 64, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 65, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 66, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 67, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 68, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 69, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 70, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 71, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 72, + "fields": { + "finding": 340, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiWGxtTVRNMlBITmpjbWx3ZEQ1aGJHVnlkQ2d4S1R3bE1tWnpZM0pwY0hRK2FteGxaSFVtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nWWw5cFpEME5Da052Ym5SbGJuUXRWSGx3WlRvZ2RHVjRkQzlvZEcxc08yTm9ZWEp6WlhROVNWTlBMVGc0TlRrdE1RMEtRMjl1ZEdWdWRDMU1aVzVuZEdnNklESXdORGtOQ2tSaGRHVTZJRk5oZEN3Z01qY2dRWFZuSURJd01UWWdNREk2TVRJNk1UVWdSMDFVRFFwRGIyNXVaV04wYVc5dU9pQmpiRzl6WlEwS0RRb0tDZ29LQ2dvS0NnbzhJVVJQUTFSWlVFVWdTRlJOVENCUVZVSk1TVU1nSWkwdkwxY3pReTh2UkZSRUlFaFVUVXdnTXk0eUx5OUZUaUkrQ2p4b2RHMXNQZ284YUdWaFpENEtQSFJwZEd4bFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOTBhWFJzWlQ0S1BHeHBibXNnYUhKbFpqMGljM1I1YkdVdVkzTnpJaUJ5Wld3OUluTjBlV3hsYzJobFpYUWlJSFI1Y0dVOUluUmxlSFF2WTNOeklpQXZQZ284YzJOeWFYQjBJSFI1Y0dVOUluUmxlSFF2YW1GMllYTmpjbWx3ZENJZ2MzSmpQU0l1TDJwekwzVjBhV3d1YW5NaVBqd3ZjMk55YVhCMFBnbzhMMmhsWVdRK0NqeGliMlI1UGdvS1BHTmxiblJsY2o0S1BIUmhZbXhsSUhkcFpIUm9QU0k0TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4SU1UNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZTREUrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005WENKdWIySnZjbVJsY2x3aVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSTBNQ1VpUGxkbElHSnZaR2RsSUdsMExDQnpieUI1YjNVZ1pHOXVkQ0JvWVhabElIUnZJVHd2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRDRLVlhObGNqb2dQR0VnYUhKbFpqMGljR0Z6YzNkdmNtUXVhbk53SWo1MFpYTjBRSFJsYzNRdVkyOXRlV1l4TXpZOGMyTnlhWEIwUG1Gc1pYSjBLREVwUEM5elkzSnBjSFErYW14bFpIVThMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 73, + "fields": { + "finding": 340, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQS9jVDAxTlRVdE5UVTFMVEF4T1RsQVpYaGhiWEJzWlM1amIyMXJPR1owYnp4elkzSnBjSFErWVd4bGNuUW9NU2s4SlRKbWMyTnlhWEIwUG01M2VETnNJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qRXdOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhZajVaYjNVZ2MyVmhjbU5vWldRZ1ptOXlPand2WWo0Z05UVTFMVFUxTlMwd01UazVRR1Y0WVcxd2JHVXVZMjl0YXpobWRHODhjMk55YVhCMFBtRnNaWEowS0RFcFBDOXpZM0pwY0hRK2JuZDRNMnc4WW5JdlBqeGljaTgrQ2p4a2FYWStQR0krVG04Z1VtVnpkV3gwY3lCR2IzVnVaRHd2WWo0OEwyUnBkajRLQ2p3dlptOXVkRDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 74, + "fields": { + "finding": 342, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 75, + "fields": { + "finding": 343, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkQ1UwTUhSbGMzUXVZMjl0Sm5CaGMzTjNiM0prTVQxMFpYTjBNVEl6Sm5CaGMzTjNiM0prTWoxMFpYTjBNVEl6", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qQXhOQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1RveU5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5SbGMzUkFkR1Z6ZEM1amIyMDhMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 76, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 77, + "fields": { + "finding": 343, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTWpBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5RFFvTkNuVndaR0YwWlQxVmNHUmhkR1VyUW1GemEyVjA=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016TXlNQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4d0lITjBlV3hsUFNKamIyeHZjanBuY21WbGJpSStXVzkxY2lCaVlYTnJaWFFnYUdGa0lHSmxaVzRnZFhCa1lYUmxaQzQ4TDNBK1BHSnlMejRLUEdadmNtMGdZV04wYVc5dVBTSmlZWE5yWlhRdWFuTndJaUJ0WlhSb2IyUTlJbkJ2YzNRaVBnbzhkR0ZpYkdVZ1ltOXlaR1Z5UFNJeElpQmpiR0Z6Y3owaVltOXlaR1Z5SWlCM2FXUjBhRDBpT0RBbElqNEtQSFJ5UGp4MGFENVFjbTlrZFdOMFBDOTBhRDQ4ZEdnK1VYVmhiblJwZEhrOEwzUm9QangwYUQ1UWNtbGpaVHd2ZEdnK1BIUm9QbFJ2ZEdGc1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVGdpUGxkb1lYUnphWFFnZDJWcFoyZzhMMkUrUEM5MFpENEtQSFJrSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCalpXNTBaWElpUGladVluTndPenhoSUdoeVpXWTlJaU1pSUc5dVkyeHBZMnM5SW1SbFkxRjFZVzUwYVhSNUtERTRLVHNpUGp4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRNd0xuQnVaeUlnWVd4MFBTSkVaV055WldGelpTQnhkV0Z1ZEdsMGVTQnBiaUJpWVhOclpYUWlJR0p2Y21SbGNqMGlNQ0krUEM5aFBpWnVZbk53T3p4cGJuQjFkQ0JwWkQwaWNYVmhiblJwZEhsZk1UZ2lJRzVoYldVOUluRjFZVzUwYVhSNVh6RTRJaUIyWVd4MVpUMGlNU0lnYldGNGJHVnVaM1JvUFNJeUlpQnphWHBsSUQwZ0lqSWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdVa1ZCUkU5T1RGa2dMejRtYm1KemNEczhZU0JvY21WbVBTSWpJaUJ2Ym1Oc2FXTnJQU0pwYm1OUmRXRnVkR2wwZVNneE9DazdJajQ4YVcxbklITnlZejBpYVcxaFoyVnpMekV5T1M1d2JtY2lJR0ZzZEQwaVNXNWpjbVZoYzJVZ2NYVmhiblJwZEhrZ2FXNGdZbUZ6YTJWMElpQmliM0prWlhJOUlqQWlQand2WVQ0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQxTUR3dmRHUStDand2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStQSFJrUGxSdmRHRnNQQzkwWkQ0OGRHUWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJR05sYm5SbGNpSStQR2x1Y0hWMElHbGtQU0oxY0dSaGRHVWlJRzVoYldVOUluVndaR0YwWlNJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlWWEJrWVhSbElFSmhjMnRsZENJdlBqd3ZkR1ErUEhSa1BpWnVZbk53T3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQand2ZEhJK0Nqd3ZkR0ZpYkdVK0NnbzhMMlp2Y20wK0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 78, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 79, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 80, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 81, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 82, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXpOUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpvd09TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5WelpYSXhRSFJvWldKdlpHZGxhWFJ6ZEc5eVpTNWpiMjA4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1U1pXZHBjM1JsY2p3dmFETStDZ29LVUd4bFlYTmxJR1Z1ZEdWeUlIUm9aU0JtYjJ4c2IzZHBibWNnWkdWMFlXbHNjeUIwYnlCeVpXZHBjM1JsY2lCM2FYUm9JSFZ6T2lBOFluSXZQanhpY2k4K0NqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStDZ2s4WTJWdWRHVnlQZ29KUEhSaFlteGxQZ29KUEhSeVBnb0pDVHgwWkQ1VmMyVnlibUZ0WlNBb2VXOTFjaUJsYldGcGJDQmhaR1J5WlhOektUbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5WelpYSnVZVzFsSWlCdVlXMWxQU0oxYzJWeWJtRnRaU0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRFaUlHNWhiV1U5SW5CaGMzTjNiM0prTVNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQa052Ym1acGNtMGdVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRJaUlHNWhiV1U5SW5CaGMzTjNiM0prTWlJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWMzVmliV2wwSWlCMGVYQmxQU0p6ZFdKdGFYUWlJSFpoYkhWbFBTSlNaV2RwYzNSbGNpSStQQzlwYm5CMWRENDhMM1JrUGdvSlBDOTBjajRLQ1R3dmRHRmliR1UrQ2drOEwyTmxiblJsY2o0S1BDOW1iM0p0UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 83, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 84, + "fields": { + "finding": 344, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 85, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTlRBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxMWRHWXRPQTBLUTI5dWRHVnVkQzFNWVc1bmRXRm5aVG9nWlc0TkNrTnZiblJsYm5RdFRHVnVaM1JvT2lBME1EZzBEUXBFWVhSbE9pQlRZWFFzSURJM0lFRjFaeUF5TURFMklEQXlPakV4T2pRMElFZE5WQTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2cwS1BDRkVUME5VV1ZCRklHaDBiV3crUEdoMGJXdytQR2hsWVdRK1BIUnBkR3hsUGtGd1lXTm9aU0JVYjIxallYUXZPUzR3TGpBdVRUUWdMU0JGY25KdmNpQnlaWEJ2Y25ROEwzUnBkR3hsUGp4emRIbHNaU0IwZVhCbFBTSjBaWGgwTDJOemN5SStTREVnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0bWIyNTBMWE5wZW1VNk1qSndlRHQ5SUVneUlIdG1iMjUwTFdaaGJXbHNlVHBVWVdodmJXRXNRWEpwWVd3c2MyRnVjeTF6WlhKcFpqdGpiMnh2Y2pwM2FHbDBaVHRpWVdOclozSnZkVzVrTFdOdmJHOXlPaU0xTWpWRU56WTdabTl1ZEMxemFYcGxPakUyY0hnN2ZTQklNeUI3Wm05dWRDMW1ZVzFwYkhrNlZHRm9iMjFoTEVGeWFXRnNMSE5oYm5NdGMyVnlhV1k3WTI5c2IzSTZkMmhwZEdVN1ltRmphMmR5YjNWdVpDMWpiMnh2Y2pvak5USTFSRGMyTzJadmJuUXRjMmw2WlRveE5IQjRPMzBnUWs5RVdTQjdabTl1ZEMxbVlXMXBiSGs2VkdGb2IyMWhMRUZ5YVdGc0xITmhibk10YzJWeWFXWTdZMjlzYjNJNllteGhZMnM3WW1GamEyZHliM1Z1WkMxamIyeHZjanAzYUdsMFpUdDlJRUlnZTJadmJuUXRabUZ0YVd4NU9sUmhhRzl0WVN4QmNtbGhiQ3h6WVc1ekxYTmxjbWxtTzJOdmJHOXlPbmRvYVhSbE8ySmhZMnRuY205MWJtUXRZMjlzYjNJNkl6VXlOVVEzTmp0OUlGQWdlMlp2Ym5RdFptRnRhV3g1T2xSaGFHOXRZU3hCY21saGJDeHpZVzV6TFhObGNtbG1PMkpoWTJ0bmNtOTFibVE2ZDJocGRHVTdZMjlzYjNJNllteGhZMnM3Wm05dWRDMXphWHBsT2pFeWNIZzdmVUVnZTJOdmJHOXlJRG9nWW14aFkyczdmVUV1Ym1GdFpTQjdZMjlzYjNJZ09pQmliR0ZqYXp0OUxteHBibVVnZTJobGFXZG9kRG9nTVhCNE95QmlZV05yWjNKdmRXNWtMV052Ykc5eU9pQWpOVEkxUkRjMk95QmliM0prWlhJNklHNXZibVU3ZlR3dmMzUjViR1UrSUR3dmFHVmhaRDQ4WW05a2VUNDhhREUrU0ZSVVVDQlRkR0YwZFhNZ05UQXdJQzBnUVc0Z1pYaGpaWEIwYVc5dUlHOWpZM1Z5Y21Wa0lIQnliMk5sYzNOcGJtY2dTbE5RSUhCaFoyVWdMMkpoYzJ0bGRDNXFjM0FnWVhRZ2JHbHVaU0F5TkRROEwyZ3hQanhrYVhZZ1kyeGhjM005SW14cGJtVWlQand2WkdsMlBqeHdQanhpUG5SNWNHVThMMkkrSUVWNFkyVndkR2x2YmlCeVpYQnZjblE4TDNBK1BIQStQR0krYldWemMyRm5aVHd2WWo0Z1BIVStRVzRnWlhoalpYQjBhVzl1SUc5alkzVnljbVZrSUhCeWIyTmxjM05wYm1jZ1NsTlFJSEJoWjJVZ0wySmhjMnRsZEM1cWMzQWdZWFFnYkdsdVpTQXlORFE4TDNVK1BDOXdQanh3UGp4aVBtUmxjMk55YVhCMGFXOXVQQzlpUGlBOGRUNVVhR1VnYzJWeWRtVnlJR1Z1WTI5MWJuUmxjbVZrSUdGdUlHbHVkR1Z5Ym1Gc0lHVnljbTl5SUhSb1lYUWdjSEpsZG1WdWRHVmtJR2wwSUdaeWIyMGdablZzWm1sc2JHbHVaeUIwYUdseklISmxjWFZsYzNRdVBDOTFQand2Y0Q0OGNENDhZajVsZUdObGNIUnBiMjQ4TDJJK1BDOXdQanh3Y21VK2IzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdVNtRnpjR1Z5UlhoalpYQjBhVzl1T2lCQmJpQmxlR05sY0hScGIyNGdiMk5qZFhKeVpXUWdjSEp2WTJWemMybHVaeUJLVTFBZ2NHRm5aU0F2WW1GemEyVjBMbXB6Y0NCaGRDQnNhVzVsSURJME5Bb0tNalF4T2lBSkNRa0pDWE4wYlhRdVpYaGxZM1YwWlNncE93b3lOREk2SUFrSkNRa0pjM1J0ZEM1amJHOXpaU2dwT3drSkNRa0pDUW95TkRNNklBa0pDUWw5SUdWc2MyVWdld295TkRRNklBa0pDUWtKYzNSdGRDQTlJR052Ym00dWNISmxjR0Z5WlZOMFlYUmxiV1Z1ZENnbWNYVnZkRHRWVUVSQlZFVWdRbUZ6YTJWMFEyOXVkR1Z1ZEhNZ1UwVlVJSEYxWVc1MGFYUjVJRDBnSm5GMWIzUTdJQ3NnU1c1MFpXZGxjaTV3WVhKelpVbHVkQ2gyWVd4MVpTa2dLeUFtY1hWdmREc2dWMGhGVWtVZ1ltRnphMlYwYVdROUpuRjFiM1E3SUNzZ1ltRnphMlYwU1dRZ0t3b3lORFU2SUFrSkNRa0pDUWttY1hWdmREc2dRVTVFSUhCeWIyUjFZM1JwWkNBOUlDWnhkVzkwT3lBcklIQnliMlJKWkNrN0NqSTBOam9nQ1FrSkNRbHpkRzEwTG1WNFpXTjFkR1VvS1RzS01qUTNPaUFKQ1FrSkNXbG1JQ2hKYm5SbFoyVnlMbkJoY25ObFNXNTBLSFpoYkhWbEtTQW1iSFE3SURBcElIc0tDZ3BUZEdGamEzUnlZV05sT2dvSmIzSm5MbUZ3WVdOb1pTNXFZWE53WlhJdWMyVnlkbXhsZEM1S2MzQlRaWEoyYkdWMFYzSmhjSEJsY2k1b1lXNWtiR1ZLYzNCRmVHTmxjSFJwYjI0b1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8xT0RNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTmpZcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2NtOXZkQ0JqWVhWelpUd3ZZajQ4TDNBK1BIQnlaVDVxWVhaaGVDNXpaWEoyYkdWMExsTmxjblpzWlhSRmVHTmxjSFJwYjI0NklHcGhkbUV1YzNGc0xsTlJURVY0WTJWd2RHbHZiam9nVlc1bGVIQmxZM1JsWkNCbGJtUWdiMllnWTI5dGJXRnVaQ0JwYmlCemRHRjBaVzFsYm5RZ1cxVlFSRUZVUlNCQ1lYTnJaWFJEYjI1MFpXNTBjeUJUUlZRZ2NYVmhiblJwZEhrZ1BTQXhJRmRJUlZKRklHSmhjMnRsZEdsa1BUSW5JRUZPUkNCd2NtOWtkV04wYVdRZ1BTQXhPRjBLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1VUdGblpVTnZiblJsZUhSSmJYQnNMbVJ2U0dGdVpHeGxVR0ZuWlVWNFkyVndkR2x2YmloUVlXZGxRMjl1ZEdWNGRFbHRjR3d1YW1GMllUbzVNRGtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1eWRXNTBhVzFsTGxCaFoyVkRiMjUwWlhoMFNXMXdiQzVvWVc1a2JHVlFZV2RsUlhoalpYQjBhVzl1S0ZCaFoyVkRiMjUwWlhoMFNXMXdiQzVxWVhaaE9qZ3pPQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFuTndMbUpoYzJ0bGRGOXFjM0F1WDJwemNGTmxjblpwWTJVb1ltRnphMlYwWDJwemNDNXFZWFpoT2pRME1pa0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbkoxYm5ScGJXVXVTSFIwY0VwemNFSmhjMlV1YzJWeWRtbGpaU2hJZEhSd1NuTndRbUZ6WlM1cVlYWmhPamN3S1FvSmFtRjJZWGd1YzJWeWRteGxkQzVvZEhSd0xraDBkSEJUWlhKMmJHVjBMbk5sY25acFkyVW9TSFIwY0ZObGNuWnNaWFF1YW1GMllUbzNNamtwQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhSWGNtRndjR1Z5TG5ObGNuWnBZMlVvU25Od1UyVnlkbXhsZEZkeVlYQndaWEl1YW1GMllUbzBORE1wQ2dsdmNtY3VZWEJoWTJobExtcGhjM0JsY2k1elpYSjJiR1YwTGtwemNGTmxjblpzWlhRdWMyVnlkbWxqWlVwemNFWnBiR1VvU25Od1UyVnlkbXhsZEM1cVlYWmhPak00TlNrS0NXOXlaeTVoY0dGamFHVXVhbUZ6Y0dWeUxuTmxjblpzWlhRdVNuTndVMlZ5ZG14bGRDNXpaWEoyYVdObEtFcHpjRk5sY25ac1pYUXVhbUYyWVRvek1qa3BDZ2xxWVhaaGVDNXpaWEoyYkdWMExtaDBkSEF1U0hSMGNGTmxjblpzWlhRdWMyVnlkbWxqWlNoSWRIUndVMlZ5ZG14bGRDNXFZWFpoT2pjeU9Ta0tDVzl5Wnk1aGNHRmphR1V1ZEc5dFkyRjBMbmRsWW5OdlkydGxkQzV6WlhKMlpYSXVWM05HYVd4MFpYSXVaRzlHYVd4MFpYSW9WM05HYVd4MFpYSXVhbUYyWVRvMU15a0tQQzl3Y21VK1BIQStQR0krY205dmRDQmpZWFZ6WlR3dllqNDhMM0ErUEhCeVpUNXFZWFpoTG5OeGJDNVRVVXhGZUdObGNIUnBiMjQ2SUZWdVpYaHdaV04wWldRZ1pXNWtJRzltSUdOdmJXMWhibVFnYVc0Z2MzUmhkR1Z0Wlc1MElGdFZVRVJCVkVVZ1FtRnphMlYwUTI5dWRHVnVkSE1nVTBWVUlIRjFZVzUwYVhSNUlEMGdNU0JYU0VWU1JTQmlZWE5yWlhScFpEMHlKeUJCVGtRZ2NISnZaSFZqZEdsa0lEMGdNVGhkQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11VlhScGJDNTBhSEp2ZDBWeWNtOXlLRlZ1YTI1dmQyNGdVMjkxY21ObEtRb0piM0puTG1oemNXeGtZaTVxWkdKakxtcGtZbU5RY21Wd1lYSmxaRk4wWVhSbGJXVnVkQzRtYkhRN2FXNXBkQ1puZERzb1ZXNXJibTkzYmlCVGIzVnlZMlVwQ2dsdmNtY3VhSE54YkdSaUxtcGtZbU11YW1SaVkwTnZibTVsWTNScGIyNHVjSEpsY0dGeVpWTjBZWFJsYldWdWRDaFZibXR1YjNkdUlGTnZkWEpqWlNrS0NXOXlaeTVoY0dGamFHVXVhbk53TG1KaGMydGxkRjlxYzNBdVgycHpjRk5sY25acFkyVW9ZbUZ6YTJWMFgycHpjQzVxWVhaaE9qTTJOQ2tLQ1c5eVp5NWhjR0ZqYUdVdWFtRnpjR1Z5TG5KMWJuUnBiV1V1U0hSMGNFcHpjRUpoYzJVdWMyVnlkbWxqWlNoSWRIUndTbk53UW1GelpTNXFZWFpoT2pjd0tRb0phbUYyWVhndWMyVnlkbXhsZEM1b2RIUndMa2gwZEhCVFpYSjJiR1YwTG5ObGNuWnBZMlVvU0hSMGNGTmxjblpzWlhRdWFtRjJZVG8zTWprcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUlhjbUZ3Y0dWeUxuTmxjblpwWTJVb1NuTndVMlZ5ZG14bGRGZHlZWEJ3WlhJdWFtRjJZVG8wTkRNcENnbHZjbWN1WVhCaFkyaGxMbXBoYzNCbGNpNXpaWEoyYkdWMExrcHpjRk5sY25ac1pYUXVjMlZ5ZG1salpVcHpjRVpwYkdVb1NuTndVMlZ5ZG14bGRDNXFZWFpoT2pNNE5Ta0tDVzl5Wnk1aGNHRmphR1V1YW1GemNHVnlMbk5sY25ac1pYUXVTbk53VTJWeWRteGxkQzV6WlhKMmFXTmxLRXB6Y0ZObGNuWnNaWFF1YW1GMllUb3pNamtwQ2dscVlYWmhlQzV6WlhKMmJHVjBMbWgwZEhBdVNIUjBjRk5sY25ac1pYUXVjMlZ5ZG1salpTaElkSFJ3VTJWeWRteGxkQzVxWVhaaE9qY3lPU2tLQ1c5eVp5NWhjR0ZqYUdVdWRHOXRZMkYwTG5kbFluTnZZMnRsZEM1elpYSjJaWEl1VjNOR2FXeDBaWEl1Wkc5R2FXeDBaWElvVjNOR2FXeDBaWEl1YW1GMllUbzFNeWtLUEM5d2NtVStQSEErUEdJK2JtOTBaVHd2WWo0Z1BIVStWR2hsSUdaMWJHd2djM1JoWTJzZ2RISmhZMlVnYjJZZ2RHaGxJSEp2YjNRZ1kyRjFjMlVnYVhNZ1lYWmhhV3hoWW14bElHbHVJSFJvWlNCQmNHRmphR1VnVkc5dFkyRjBMemt1TUM0d0xrMDBJR3h2WjNNdVBDOTFQand2Y0Q0OGFISWdZMnhoYzNNOUlteHBibVVpUGp4b016NUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5b016NDhMMkp2WkhrK1BDOW9kRzFzUGc9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 86, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKeVoxYzJWeWJtRnRaVDA9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 87, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQU2M9", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTVNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZFhObGNqRkFkR2hsWW05a1oyVnBkSE4wYjNKbExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb05Danh3SUhOMGVXeGxQU0pqYjJ4dmNqcHlaV1FpUGxsdmRTQnpkWEJ3YkdsbFpDQmhiaUJwYm5aaGJHbGtJRzVoYldVZ2IzSWdjR0Z6YzNkdmNtUXVQQzl3UGdvTkNqeG9NejVNYjJkcGJqd3ZhRE0rRFFwUWJHVmhjMlVnWlc1MFpYSWdlVzkxY2lCamNtVmtaVzUwYVdGc2N6b2dQR0p5THo0OFluSXZQZzBLUEdadmNtMGdiV1YwYUc5a1BTSlFUMU5VSWo0TkNnazhZMlZ1ZEdWeVBnMEtDVHgwWVdKc1pUNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1VmMyVnlibUZ0WlRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0oxYzJWeWJtRnRaU0lnYm1GdFpUMGlkWE5sY201aGJXVWlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUeDBjajROQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0RRb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluQmhjM04zYjNKa0lpQnVZVzFsUFNKd1lYTnpkMjl5WkNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENE5DZ2s4TDNSeVBnMEtDVHgwY2o0TkNna0pQSFJrUGp3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVEc5bmFXNGlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUd3ZkR0ZpYkdVK0RRb0pQQzlqWlc1MFpYSStEUW84TDJadmNtMCtEUXBKWmlCNWIzVWdaRzl1ZENCb1lYWmxJR0Z1SUdGalkyOTFiblFnZDJsMGFDQjFjeUIwYUdWdUlIQnNaV0Z6WlNBOFlTQm9jbVZtUFNKeVpXZHBjM1JsY2k1cWMzQWlQbEpsWjJsemRHVnlQQzloUGlCdWIzY2dabTl5SUdFZ1puSmxaU0JoWTJOdmRXNTBMZzBLUEdKeUx6NDhZbkl2UGcwS0RRbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2cwS0RRbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 88, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkRUIwWlhOMExtTnZiU2NtY0dGemMzZHZjbVF4UFhSbGMzUXhNak1tY0dGemMzZHZjbVF5UFhSbGMzUXhNak09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTNNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDbE41YzNSbGJTQmxjbkp2Y2k0S0Nnb0tDZ29LUENGRVQwTlVXVkJGSUVoVVRVd2dVRlZDVEVsRElDSXRMeTlYTTBNdkwwUlVSQ0JJVkUxTUlETXVNaTh2UlU0aVBnbzhhSFJ0YkQ0S1BHaGxZV1ErQ2p4MGFYUnNaVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2ZEdsMGJHVStDanhzYVc1cklHaHlaV1k5SW5OMGVXeGxMbU56Y3lJZ2NtVnNQU0p6ZEhsc1pYTm9aV1YwSWlCMGVYQmxQU0owWlhoMEwyTnpjeUlnTHo0S1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlJSE55WXowaUxpOXFjeTkxZEdsc0xtcHpJajQ4TDNOamNtbHdkRDRLUEM5b1pXRmtQZ284WW05a2VUNEtDanhqWlc1MFpYSStDangwWVdKc1pTQjNhV1IwYUQwaU9EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhTREUrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDBneFBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBWd2libTlpYjNKa1pYSmNJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlQaVp1WW5Od096d3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTkRBbElqNVhaU0JpYjJSblpTQnBkQ3dnYzI4Z2VXOTFJR1J2Ym5RZ2FHRjJaU0IwYnlFOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJak13SlNJZ2MzUjViR1U5SW5SbGVIUXRZV3hwWjI0NklISnBaMmgwSWlBK0NsVnpaWEk2SUR4aElHaHlaV1k5SW5CaGMzTjNiM0prTG1wemNDSStkR1Z6ZEVCMFpYTjBMbU52YlhsbU1UTTJQSE5qY21sd2RENWhiR1Z5ZENneEtUd3ZjMk55YVhCMFBtcHNaV1IxUEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1VtVm5hWE4wWlhJOEwyZ3pQZ29LQ2xCc1pXRnpaU0JsYm5SbGNpQjBhR1VnWm05c2JHOTNhVzVuSUdSbGRHRnBiSE1nZEc4Z2NtVm5hWE4wWlhJZ2QybDBhQ0IxY3pvZ1BHSnlMejQ4WW5JdlBnbzhabTl5YlNCdFpYUm9iMlE5SWxCUFUxUWlQZ29KUEdObGJuUmxjajRLQ1R4MFlXSnNaVDRLQ1R4MGNqNEtDUWs4ZEdRK1ZYTmxjbTVoYldVZ0tIbHZkWElnWlcxaGFXd2dZV1JrY21WemN5azZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKMWMyVnlibUZ0WlNJZ2JtRnRaVDBpZFhObGNtNWhiV1VpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReElpQnVZVzFsUFNKd1lYTnpkMjl5WkRFaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDVEYjI1bWFYSnRJRkJoYzNOM2IzSmtPand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21ReUlpQnVZVzFsUFNKd1lYTnpkMjl5WkRJaUlIUjVjR1U5SW5CaGMzTjNiM0prSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQSFJ5UGdvSkNUeDBaRDQ4TDNSa1Bnb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluTjFZbTFwZENJZ2RIbHdaVDBpYzNWaWJXbDBJaUIyWVd4MVpUMGlVbVZuYVhOMFpYSWlQand2YVc1d2RYUStQQzkwWkQ0S0NUd3ZkSEkrQ2drOEwzUmhZbXhsUGdvSlBDOWpaVzUwWlhJK0Nqd3ZabTl5YlQ0S0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 89, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWRwWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzlqWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 90, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 91, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 92, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 93, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3WkdGMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 94, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 95, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 96, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 97, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016RTVOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME1DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TWlJK1EyOXRjR3hsZUNCWGFXUm5aWFE4TDJFK1BDOTBaRDQ4ZEdRK1YybGtaMlYwY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TVRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNVElpUGxSSFNpQkRRMFE4TDJFK1BDOTBaRDQ4ZEdRK1ZHaHBibWRoYldGcWFXZHpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01pNHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU1TSStWMmhoZEhOcGRDQnpiM1Z1WkNCc2FXdGxQQzloUGp3dmRHUStQSFJrUGxkb1lYUnphWFJ6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTQ1TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhOeUkrVjJoaGRITnBkQ0JqWVd4c1pXUThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMakV3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUY2lQbFJvYVc1bmFXVWdORHd2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNakFpUGxkb1lYUnphWFFnZEdGemRHVWdiR2xyWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU9UWThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpJaVBsZG9ZWFJ1YjNROEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5qZzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TVRJaVBsUkhTaUJEUTBROEwyRStQQzkwWkQ0OGRHUStWR2hwYm1kaGJXRnFhV2R6UEM5MFpENDhkR1FnWVd4cFoyNDlJbkpwWjJoMElqNmtNaTR5TUR3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM0J5YjJScFpEMHhPQ0krVjJoaGRITnBkQ0IzWldsbmFEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BESXVOVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qVWlQa2RhSUVzM056d3ZZVDQ4TDNSa1BqeDBaRDVIYVhwdGIzTThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRekxqQTFQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDQ4TDJObGJuUmxjajQ4WW5JdlBnb0tDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 98, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 99, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 100, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxVlZFWXRPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTVRFeU16UU5DZzBLQ2dvS1BDRkVUME5VV1ZCRklHaDBiV3crQ2p4b2RHMXNJR3hoYm1jOUltVnVJajRLSUNBZ0lEeG9aV0ZrUGdvZ0lDQWdJQ0FnSUR4dFpYUmhJR05vWVhKelpYUTlJbFZVUmkwNElpQXZQZ29nSUNBZ0lDQWdJRHgwYVhSc1pUNUJjR0ZqYUdVZ1ZHOXRZMkYwTHprdU1DNHdMazAwUEM5MGFYUnNaVDRLSUNBZ0lDQWdJQ0E4YkdsdWF5Qm9jbVZtUFNKbVlYWnBZMjl1TG1samJ5SWdjbVZzUFNKcFkyOXVJaUIwZVhCbFBTSnBiV0ZuWlM5NExXbGpiMjRpSUM4K0NpQWdJQ0FnSUNBZ1BHeHBibXNnYUhKbFpqMGlabUYyYVdOdmJpNXBZMjhpSUhKbGJEMGljMmh2Y25SamRYUWdhV052YmlJZ2RIbHdaVDBpYVcxaFoyVXZlQzFwWTI5dUlpQXZQZ29nSUNBZ0lDQWdJRHhzYVc1cklHaHlaV1k5SW5SdmJXTmhkQzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NpQWdJQ0E4TDJobFlXUStDZ29nSUNBZ1BHSnZaSGsrQ2lBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZDNKaGNIQmxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUltNWhkbWxuWVhScGIyNGlJR05zWVhOelBTSmpkWEoyWldRZ1kyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHpjR0Z1SUdsa1BTSnVZWFl0YUc5dFpTSStQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkx5SStTRzl0WlR3dllUNDhMM053WVc0K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGMzQmhiaUJwWkQwaWJtRjJMV2h2YzNSeklqNDhZU0JvY21WbVBTSXZaRzlqY3k4aVBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMWpiMjVtYVdjaVBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGtOdmJtWnBaM1Z5WVhScGIyNDhMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxbGVHRnRjR3hsY3lJK1BHRWdhSEpsWmowaUwyVjRZVzF3YkdWekx5SStSWGhoYlhCc1pYTThMMkUrUEM5emNHRnVQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQSE53WVc0Z2FXUTlJbTVoZGkxM2FXdHBJajQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5R2NtOXVkRkJoWjJVaVBsZHBhMms4TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMXNhWE4wY3lJK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3aVBrMWhhV3hwYm1jZ1RHbHpkSE04TDJFK1BDOXpjR0Z1UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhOd1lXNGdhV1E5SW01aGRpMW9aV3h3SWo0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2Wm1sdVpHaGxiSEF1YUhSdGJDSStSbWx1WkNCSVpXeHdQQzloUGp3dmMzQmhiajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhpY2lCamJHRnpjejBpYzJWd1lYSmhkRzl5SWlBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVhObUxXSnZlQ0krQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURFK1FYQmhZMmhsSUZSdmJXTmhkQzg1TGpBdU1DNU5ORHd2YURFK0NpQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0oxY0hCbGNpSWdZMnhoYzNNOUltTjFjblpsWkNCamIyNTBZV2x1WlhJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaVkyOXVaM0poZEhNaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhREkrU1dZZ2VXOTFKM0psSUhObFpXbHVaeUIwYUdsekxDQjViM1VuZG1VZ2MzVmpZMlZ6YzJaMWJHeDVJR2x1YzNSaGJHeGxaQ0JVYjIxallYUXVJRU52Ym1keVlYUjFiR0YwYVc5dWN5RThMMmd5UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnViM1JwWTJVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhwYldjZ2MzSmpQU0owYjIxallYUXVjRzVuSWlCaGJIUTlJbHQwYjIxallYUWdiRzluYjEwaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpZEdGemEzTWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRE0rVW1WamIyMXRaVzVrWldRZ1VtVmhaR2x1WnpvOEwyZ3pQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpTDJSdlkzTXZjMlZqZFhKcGRIa3RhRzkzZEc4dWFIUnRiQ0krVTJWamRYSnBkSGtnUTI5dWMybGtaWEpoZEdsdmJuTWdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5dFlXNWhaMlZ5TFdodmQzUnZMbWgwYld3aVBrMWhibUZuWlhJZ1FYQndiR2xqWVhScGIyNGdTRTlYTFZSUFBDOWhQand2YURRK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENDhZU0JvY21WbVBTSXZaRzlqY3k5amJIVnpkR1Z5TFdodmQzUnZMbWgwYld3aVBrTnNkWE4wWlhKcGJtY3ZVMlZ6YzJsdmJpQlNaWEJzYVdOaGRHbHZiaUJJVDFjdFZFODhMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQnBaRDBpWVdOMGFXOXVjeUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZblYwZEc5dUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHRWdZMnhoYzNNOUltTnZiblJoYVc1bGNpQnphR0ZrYjNjaUlHaHlaV1k5SWk5dFlXNWhaMlZ5TDNOMFlYUjFjeUkrUEhOd1lXNCtVMlZ5ZG1WeUlGTjBZWFIxY3p3dmMzQmhiajQ4TDJFK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWW5WMGRHOXVJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR0VnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUJ6YUdGa2IzY2lJR2h5WldZOUlpOXRZVzVoWjJWeUwyaDBiV3dpUGp4emNHRnVQazFoYm1GblpYSWdRWEJ3UEM5emNHRnVQand2WVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0ppZFhSMGIyNGlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZU0JqYkdGemN6MGlZMjl1ZEdGcGJtVnlJSE5vWVdSdmR5SWdhSEpsWmowaUwyaHZjM1F0YldGdVlXZGxjaTlvZEcxc0lqNDhjM0JoYmo1SWIzTjBJRTFoYm1GblpYSThMM053WVc0K1BDOWhQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOElTMHRDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThZbklnWTJ4aGMzTTlJbk5sY0dGeVlYUnZjaUlnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUMwdFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSnRhV1JrYkdVaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b016NUVaWFpsYkc5d1pYSWdVWFZwWTJzZ1UzUmhjblE4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpVaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BqeGhJR2h5WldZOUlpOWtiMk56TDNObGRIVndMbWgwYld3aVBsUnZiV05oZENCVFpYUjFjRHd2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHdQanhoSUdoeVpXWTlJaTlrYjJOekwyRndjR1JsZGk4aVBrWnBjbk4wSUZkbFlpQkJjSEJzYVdOaGRHbHZiand2WVQ0OEwzQStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThMMlJwZGo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREkxSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4Y0Q0OFlTQm9jbVZtUFNJdlpHOWpjeTl5WldGc2JTMW9iM2QwYnk1b2RHMXNJajVTWldGc2JYTWdKbUZ0Y0RzZ1FVRkJQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlJ2WTNNdmFtNWthUzFrWVhSaGMyOTFjbU5sTFdWNFlXMXdiR1Z6TFdodmQzUnZMbWgwYld3aVBrcEVRa01nUkdGMFlWTnZkWEpqWlhNOEwyRStQQzl3UGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjJ3eU5TSStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXVkR0ZwYm1WeUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIQStQR0VnYUhKbFpqMGlMMlY0WVcxd2JHVnpMeUkrUlhoaGJYQnNaWE04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMnd5TlNJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR1JwZGlCamJHRnpjejBpWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhBK1BHRWdhSEpsWmowaWFIUjBjRG92TDNkcGEya3VZWEJoWTJobExtOXlaeTkwYjIxallYUXZVM0JsWTJsbWFXTmhkR2x2Ym5NaVBsTmxjblpzWlhRZ1UzQmxZMmxtYVdOaGRHbHZibk04TDJFK1BDOXdQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkMmxyYVM1aGNHRmphR1V1YjNKbkwzUnZiV05oZEM5VWIyMWpZWFJXWlhKemFXOXVjeUkrVkc5dFkyRjBJRlpsY25OcGIyNXpQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdKeUlHTnNZWE56UFNKelpYQmhjbUYwYjNJaUlDOCtDaUFnSUNBZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR2xrUFNKc2IzZGxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHbGtQU0pzYjNjdGJXRnVZV2RsSWlCamJHRnpjejBpSWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqZFhKMlpXUWdZMjl1ZEdGcGJtVnlJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR2d6UGsxaGJtRm5hVzVuSUZSdmJXTmhkRHd2YURNK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrWnZjaUJ6WldOMWNtbDBlU3dnWVdOalpYTnpJSFJ2SUhSb1pTQThZU0JvY21WbVBTSXZiV0Z1WVdkbGNpOW9kRzFzSWo1dFlXNWhaMlZ5SUhkbFltRndjRHd2WVQ0Z2FYTWdjbVZ6ZEhKcFkzUmxaQzRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdWWE5sY25NZ1lYSmxJR1JsWm1sdVpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwyTnZibVl2ZEc5dFkyRjBMWFZ6WlhKekxuaHRiRHd2Y0hKbFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNENUpiaUJVYjIxallYUWdPUzR3SUdGalkyVnpjeUIwYnlCMGFHVWdiV0Z1WVdkbGNpQmhjSEJzYVdOaGRHbHZiaUJwY3lCemNHeHBkQ0JpWlhSM1pXVnVDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJR1JwWm1abGNtVnVkQ0IxYzJWeWN5NGdKbTVpYzNBN0lEeGhJR2h5WldZOUlpOWtiMk56TDIxaGJtRm5aWEl0YUc5M2RHOHVhSFJ0YkNJK1VtVmhaQ0J0YjNKbExpNHVQQzloUGp3dmNENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ0OFlTQm9jbVZtUFNJdlpHOWpjeTlTUlV4RlFWTkZMVTVQVkVWVExuUjRkQ0krVW1Wc1pXRnpaU0JPYjNSbGN6d3ZZVDQ4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdlkyaGhibWRsYkc5bkxtaDBiV3dpUGtOb1lXNW5aV3h2Wnp3dllUNDhMMmcwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDIxcFozSmhkR2x2Ymk1b2RHMXNJajVOYVdkeVlYUnBiMjRnUjNWcFpHVThMMkUrUEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHZzBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OXpaV04xY21sMGVTNW9kRzFzSWo1VFpXTjFjbWwwZVNCT2IzUnBZMlZ6UEM5aFBqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnYVdROUlteHZkeTFrYjJOeklpQmpiR0Z6Y3owaUlqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WkdsMklHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnelBrUnZZM1Z0Wlc1MFlYUnBiMjQ4TDJnelBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGFEUStQR0VnYUhKbFpqMGlMMlJ2WTNNdklqNVViMjFqWVhRZ09TNHdJRVJ2WTNWdFpXNTBZWFJwYjI0OEwyRStQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUlpOWtiMk56TDJOdmJtWnBaeThpUGxSdmJXTmhkQ0E1TGpBZ1EyOXVabWxuZFhKaGRHbHZiand2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErUEdFZ2FISmxaajBpYUhSMGNEb3ZMM2RwYTJrdVlYQmhZMmhsTG05eVp5OTBiMjFqWVhRdlJuSnZiblJRWVdkbElqNVViMjFqWVhRZ1YybHJhVHd2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVHYVc1a0lHRmtaR2wwYVc5dVlXd2dhVzF3YjNKMFlXNTBJR052Ym1acFozVnlZWFJwYjI0Z2FXNW1iM0p0WVhScGIyNGdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGNISmxQaVJEUVZSQlRFbE9RVjlJVDAxRkwxSlZUazVKVGtjdWRIaDBQQzl3Y21VK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4d1BrUmxkbVZzYjNCbGNuTWdiV0Y1SUdKbElHbHVkR1Z5WlhOMFpXUWdhVzQ2UEM5d1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJKMVozSmxjRzl5ZEM1b2RHMXNJajVVYjIxallYUWdPUzR3SUVKMVp5QkVZWFJoWW1GelpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMkZ3YVM5cGJtUmxlQzVvZEcxc0lqNVViMjFqWVhRZ09TNHdJRXBoZG1GRWIyTnpQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNOMmJpNWhjR0ZqYUdVdWIzSm5MM0psY0c5ekwyRnpaaTkwYjIxallYUXZkR001TGpBdWVDOGlQbFJ2YldOaGRDQTVMakFnVTFaT0lGSmxjRzl6YVhSdmNuazhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJwWkQwaWJHOTNMV2hsYkhBaUlHTnNZWE56UFNJaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OMWNuWmxaQ0JqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURNK1IyVjBkR2x1WnlCSVpXeHdQQzlvTXo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdnMFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5bVlYRXZJajVHUVZFOEwyRStJR0Z1WkNBOFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNJK1RXRnBiR2x1WnlCTWFYTjBjend2WVQ0OEwyZzBQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThjRDVVYUdVZ1ptOXNiRzkzYVc1bklHMWhhV3hwYm1jZ2JHbHpkSE1nWVhKbElHRjJZV2xzWVdKc1pUbzhMM0ErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhU0JwWkQwaWJHbHpkQzFoYm01dmRXNWpaU0krUEhOMGNtOXVaejQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRZVzV1YjNWdVkyVWlQblJ2YldOaGRDMWhibTV2ZFc1alpUd3ZZVDQ4WW5JZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCSmJYQnZjblJoYm5RZ1lXNXViM1Z1WTJWdFpXNTBjeXdnY21Wc1pXRnpaWE1zSUhObFkzVnlhWFI1SUhaMWJHNWxjbUZpYVd4cGRIa2dibTkwYVdacFkyRjBhVzl1Y3k0Z0tFeHZkeUIyYjJ4MWJXVXBMand2YzNSeWIyNW5QZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZEc5dFkyRjBMbUZ3WVdOb1pTNXZjbWN2YkdsemRITXVhSFJ0YkNOMGIyMWpZWFF0ZFhObGNuTWlQblJ2YldOaGRDMTFjMlZ5Y3p3dllUNDhZbklnTHo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JWYzJWeUlITjFjSEJ2Y25RZ1lXNWtJR1JwYzJOMWMzTnBiMjRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJ4cGMzUnpMbWgwYld3amRHRm5iR2xpY3kxMWMyVnlJajUwWVdkc2FXSnpMWFZ6WlhJOEwyRStQR0p5SUM4K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnVlhObGNpQnpkWEJ3YjNKMElHRnVaQ0JrYVhOamRYTnphVzl1SUdadmNpQThZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmRHRm5iR2xpY3k4aVBrRndZV05vWlNCVVlXZHNhV0p6UEM5aFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR2x6ZEhNdWFIUnRiQ04wYjIxallYUXRaR1YySWo1MGIyMWpZWFF0WkdWMlBDOWhQanhpY2lBdlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUVSbGRtVnNiM0J0Wlc1MElHMWhhV3hwYm1jZ2JHbHpkQ3dnYVc1amJIVmthVzVuSUdOdmJXMXBkQ0J0WlhOellXZGxjd29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHSnlJR05zWVhOelBTSnpaWEJoY21GMGIzSWlJQzgrQ2lBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdsa1BTSm1iMjkwWlhJaUlHTnNZWE56UFNKamRYSjJaV1FnWTI5dWRHRnBibVZ5SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4a2FYWWdZMnhoYzNNOUltTnZiREl3SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThaR2wySUdOc1lYTnpQU0pqYjI1MFlXbHVaWElpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YURRK1QzUm9aWElnUkc5M2JteHZZV1J6UEM5b05ENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BIVnNQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEd4cFBqeGhJR2h5WldZOUltaDBkSEE2THk5MGIyMWpZWFF1WVhCaFkyaGxMbTl5Wnk5a2IzZHViRzloWkMxamIyNXVaV04wYjNKekxtTm5hU0krVkc5dFkyRjBJRU52Ym01bFkzUnZjbk04TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlpHOTNibXh2WVdRdGJtRjBhWFpsTG1ObmFTSStWRzl0WTJGMElFNWhkR2wyWlR3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OTBZV2RzYVdKekx5SStWR0ZuYkdsaWN6d3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SWk5a2IyTnpMMlJsY0d4dmVXVnlMV2h2ZDNSdkxtaDBiV3dpUGtSbGNHeHZlV1Z5UEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2ZFd3K0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQQzlrYVhZK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJESXdJajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOFpHbDJJR05zWVhOelBTSmpiMjUwWVdsdVpYSWlQZ29nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThhRFErVDNSb1pYSWdSRzlqZFcxbGJuUmhkR2x2Ymp3dmFEUStDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeDFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdlkyOXVibVZqZEc5eWN5MWtiMk12SWo1VWIyMWpZWFFnUTI5dWJtVmpkRzl5Y3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTBiMjFqWVhRdVlYQmhZMmhsTG05eVp5OWpiMjV1WldOMGIzSnpMV1J2WXk4aVBtMXZaRjlxYXlCRWIyTjFiV1Z1ZEdGMGFXOXVQQzloUGp3dmJHaytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDI1aGRHbDJaUzFrYjJNdklqNVViMjFqWVhRZ1RtRjBhWFpsUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlMMlJ2WTNNdlpHVndiRzk1WlhJdGFHOTNkRzh1YUhSdGJDSStSR1Z3Ykc5NVpYSThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUhaWFFnU1c1MmIyeDJaV1E4TDJnMFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGRXdytDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4YkdrK1BHRWdhSEpsWmowaWFIUjBjRG92TDNSdmJXTmhkQzVoY0dGamFHVXViM0puTDJkbGRHbHVkbTlzZG1Wa0xtaDBiV3dpUGs5MlpYSjJhV1YzUEM5aFBqd3ZiR2srQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOGJHaytQR0VnYUhKbFpqMGlhSFIwY0RvdkwzUnZiV05oZEM1aGNHRmphR1V1YjNKbkwzTjJiaTVvZEcxc0lqNVRWazRnVW1Wd2IzTnBkRzl5YVdWelBDOWhQand2YkdrK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQThiR2srUEdFZ2FISmxaajBpYUhSMGNEb3ZMM1J2YldOaGRDNWhjR0ZqYUdVdWIzSm5MMnhwYzNSekxtaDBiV3dpUGsxaGFXeHBibWNnVEdsemRITThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDJscmFTNWhjR0ZqYUdVdWIzSm5MM1J2YldOaGRDOUdjbTl1ZEZCaFoyVWlQbGRwYTJrOEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEM5MWJENEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDJScGRqNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEd3ZaR2wyUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEdScGRpQmpiR0Z6Y3owaVkyOXNNakFpUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeGthWFlnWTJ4aGMzTTlJbU52Ym5SaGFXNWxjaUkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhvTkQ1TmFYTmpaV3hzWVc1bGIzVnpQQzlvTkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnUEhWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlqYjI1MFlXTjBMbWgwYld3aVBrTnZiblJoWTNROEwyRStQQzlzYVQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZiR1ZuWVd3dWFIUnRiQ0krVEdWbllXdzhMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhzYVQ0OFlTQm9jbVZtUFNKb2RIUndPaTh2ZDNkM0xtRndZV05vWlM1dmNtY3ZabTkxYm1SaGRHbHZiaTl6Y0c5dWMyOXljMmhwY0M1b2RHMXNJajVUY0c5dWMyOXljMmhwY0R3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHeHBQanhoSUdoeVpXWTlJbWgwZEhBNkx5OTNkM2N1WVhCaFkyaGxMbTl5Wnk5bWIzVnVaR0YwYVc5dUwzUm9ZVzVyY3k1b2RHMXNJajVVYUdGdWEzTThMMkUrUEM5c2FUNEtJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOTFiRDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBOEwyUnBkajRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BHUnBkaUJqYkdGemN6MGlZMjlzTWpBaVBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHhrYVhZZ1kyeGhjM005SW1OdmJuUmhhVzVsY2lJK0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4b05ENUJjR0ZqYUdVZ1UyOW1kSGRoY21VZ1JtOTFibVJoZEdsdmJqd3ZhRFErQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHgxYkQ0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lEeHNhVDQ4WVNCb2NtVm1QU0pvZEhSd09pOHZkRzl0WTJGMExtRndZV05vWlM1dmNtY3ZkMmh2ZDJWaGNtVXVhSFJ0YkNJK1YyaHZJRmRsSUVGeVpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkwYjIxallYUXVZWEJoWTJobExtOXlaeTlvWlhKcGRHRm5aUzVvZEcxc0lqNUlaWEpwZEdGblpUd3ZZVDQ4TDJ4cFBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdQR3hwUGp4aElHaHlaV1k5SW1oMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5SStRWEJoWTJobElFaHZiV1U4TDJFK1BDOXNhVDRLSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUR4c2FUNDhZU0JvY21WbVBTSm9kSFJ3T2k4dmRHOXRZMkYwTG1Gd1lXTm9aUzV2Y21jdmNtVnpiM1Z5WTJWekxtaDBiV3dpUGxKbGMyOTFjbU5sY3p3dllUNDhMMnhwUGdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4TDNWc1Bnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJRHd2WkdsMlBnb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1BDOWthWFkrQ2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0E4WW5JZ1kyeGhjM005SW5ObGNHRnlZWFJ2Y2lJZ0x6NEtJQ0FnSUNBZ0lDQWdJQ0FnUEM5a2FYWStDaUFnSUNBZ0lDQWdJQ0FnSUR4d0lHTnNZWE56UFNKamIzQjVjbWxuYUhRaVBrTnZjSGx5YVdkb2RDQW1ZMjl3ZVRzeE9UazVMVEl3TVRZZ1FYQmhZMmhsSUZOdlpuUjNZWEpsSUVadmRXNWtZWFJwYjI0dUlDQkJiR3dnVW1sbmFIUnpJRkpsYzJWeWRtVmtQQzl3UGdvZ0lDQWdJQ0FnSUR3dlpHbDJQZ29nSUNBZ1BDOWliMlI1UGdvS1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 101, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 102, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01UazFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LUEdKeUx6NDhjQ0J6ZEhsc1pUMGlZMjlzYjNJNlozSmxaVzRpUGxSb1lXNXJJSGx2ZFNCbWIzSWdlVzkxY2lCamRYTjBiMjB1UEM5d1BqeGljaTgrQ2dvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDJObGJuUmxjajRLUEM5aWIyUjVQZ284TDJoMGJXdytDZ29L" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 103, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1JrUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 104, + "fields": { + "finding": 347, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 105, + "fields": { + "finding": 347, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 106, + "fields": { + "finding": 347, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.risk_acceptance", + "pk": 1, + "fields": { + "name": "Simple Builtin Risk Acceptance", + "recommendation": "F", + "recommendation_details": null, + "decision": "A", + "decision_details": "These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. Unaccept and use full risk acceptance if you need to have more control over those fields.", + "accepted_by": null, + "path": "", + "owner": [ + "admin" + ], + "expiration_date": null, + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2024-01-29T15:35:18.089Z", + "updated": "2024-01-29T15:35:18.089Z", + "accepted_findings": [ + 2 + ], + "notes": [] + } +}, +{ + "model": "dojo.jira_instance", + "pk": 2, + "fields": { + "configuration_name": "Happy little JIRA 2", + "url": "http://www.testjira.com", + "username": "user1", + "password": "user1", + "default_issue_type": "Task", + "issue_template_dir": null, + "epic_name_id": 111, + "open_status_key": 111, + "close_status_key": 112, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_instance", + "pk": 3, + "fields": { + "configuration_name": "Happy little JIRA 3", + "url": "http://www.testjira.com", + "username": "user2", + "password": "user2", + "default_issue_type": "Task", + "issue_template_dir": null, + "epic_name_id": 222, + "open_status_key": 222, + "close_status_key": 223, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_instance", + "pk": 4, + "fields": { + "configuration_name": "Happy little JIRA 4", + "url": "http://www.testjira.com", + "username": "user3", + "password": "user3", + "default_issue_type": "Spike", + "issue_template_dir": null, + "epic_name_id": 333, + "open_status_key": 333, + "close_status_key": 334, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_project", + "pk": 1, + "fields": { + "jira_instance": 2, + "project_key": "key1", + "product": 1, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": false, + "enable_engagement_epic_mapping": true, + "epic_issue_type_name": "Epic", + "push_notes": false, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_project", + "pk": 2, + "fields": { + "jira_instance": 3, + "project_key": "key2", + "product": 2, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": true, + "enable_engagement_epic_mapping": true, + "epic_issue_type_name": "Epic", + "push_notes": true, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_project", + "pk": 3, + "fields": { + "jira_instance": 4, + "project_key": "key3", + "product": 3, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": false, + "enable_engagement_epic_mapping": false, + "epic_issue_type_name": "Epic", + "push_notes": false, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_issue", + "pk": 2, + "fields": { + "jira_project": null, + "jira_id": "2", + "jira_key": "222", + "finding": 5, + "engagement": 3, + "finding_group": null, + "jira_creation": null, + "jira_change": null + } +}, +{ + "model": "dojo.jira_issue", + "pk": 3, + "fields": { + "jira_project": null, + "jira_id": "3", + "jira_key": "333", + "finding": 6, + "engagement": 1, + "finding_group": null, + "jira_creation": null, + "jira_change": null + } +}, +{ + "model": "dojo.notifications", + "pk": 1, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "admin" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.notifications", + "pk": 2, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "product_manager" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.notifications", + "pk": 3, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "user2" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 1, + "fields": { + "name": "Product Setting 1", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 1, + "tool_project_id": "1", + "notes": [] + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 2, + "fields": { + "name": "Product Setting 2", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 2, + "tool_project_id": "2", + "notes": [] + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 3, + "fields": { + "name": "Product Setting 3", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 3, + "tool_project_id": "3", + "notes": [] + } +}, +{ + "model": "dojo.alerts", + "pk": 1, + "fields": { + "title": "Static Scan for Python How-to", + "description": "\n\n\n The engagement \"Python How-to\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/4", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:01:00.711Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 2, + "fields": { + "title": "Static Scan for Python How-to", + "description": "\n\n\n The engagement \"Python How-to\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/4", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:01:00.726Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 3, + "fields": { + "title": "0 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/17", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:22:29.720Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 4, + "fields": { + "title": "0 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/17", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:22:29.733Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 5, + "fields": { + "title": "Quarterly PCI Scan for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:25:29.445Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 6, + "fields": { + "title": "Quarterly PCI Scan for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:25:29.455Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 7, + "fields": { + "title": "Qualys Scan for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Qualys Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:25:46.372Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 8, + "fields": { + "title": "Qualys Scan for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Qualys Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:25:46.385Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 9, + "fields": { + "title": "Initial Assessment for Account Software", + "description": "\n\n\n The engagement \"Account Software\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:42:51.166Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 10, + "fields": { + "title": "Initial Assessment for Account Software", + "description": "\n\n\n The engagement \"Account Software\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:42:51.176Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 11, + "fields": { + "title": "API Test for Account Software", + "description": "\n\n\n New test added for engagement Account Software: API Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:09.143Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 12, + "fields": { + "title": "API Test for Account Software", + "description": "\n\n\n New test added for engagement Account Software: API Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:09.153Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 13, + "fields": { + "title": "Nmap Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:23.460Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 14, + "fields": { + "title": "Nmap Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:23.472Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 15, + "fields": { + "title": "Dependency Check Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:41.770Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 16, + "fields": { + "title": "Dependency Check Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:41.785Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 17, + "fields": { + "title": "ZAP Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:44:01.865Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 18, + "fields": { + "title": "ZAP Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:44:01.877Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 19, + "fields": { + "title": "2 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/25", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:44:36.344Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 20, + "fields": { + "title": "2 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/25", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:44:36.353Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 21, + "fields": { + "title": "18 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/26", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:46:09.906Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 22, + "fields": { + "title": "18 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/26", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:46:09.914Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 23, + "fields": { + "title": "10 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/28", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:47:20.764Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 24, + "fields": { + "title": "10 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/28", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:47:20.774Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 25, + "fields": { + "title": "Manual PenTest for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:11.922Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 26, + "fields": { + "title": "Manual PenTest for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:11.931Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 27, + "fields": { + "title": "Manual Code Review for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:24.017Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 28, + "fields": { + "title": "Manual Code Review for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:24.025Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 29, + "fields": { + "title": "Pen Test for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:35.541Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 30, + "fields": { + "title": "Pen Test for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:35.551Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 31, + "fields": { + "title": "CI/CD Baseline Security Test for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/12", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T07:06:26.179Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 32, + "fields": { + "title": "CI/CD Baseline Security Test for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/12", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T07:06:26.187Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 33, + "fields": { + "title": "28 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/31", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T07:07:23.992Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 34, + "fields": { + "title": "28 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/31", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T07:07:24.008Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 35, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/32", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:43:09.169Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 36, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/32", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:43:09.178Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 37, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/37", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:51:04.993Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 38, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/37", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:51:05.001Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 39, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://localhost:8000/test/39", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:52:48.176Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 40, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://localhost:8000/test/39", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:52:48.263Z" + } +}, +{ + "model": "dojo.language_type", + "pk": 1, + "fields": { + "language": "ActionScript", + "color": "#F2D7D5" + } +}, +{ + "model": "dojo.language_type", + "pk": 2, + "fields": { + "language": "Python", + "color": "#006400" + } +}, +{ + "model": "dojo.language_type", + "pk": 3, + "fields": { + "language": "Ruby", + "color": "#cd5c5c" + } +}, +{ + "model": "dojo.language_type", + "pk": 4, + "fields": { + "language": "ABAP", + "color": "#F9EBEA" + } +}, +{ + "model": "dojo.language_type", + "pk": 5, + "fields": { + "language": "Ada", + "color": "#E6B0AA" + } +}, +{ + "model": "dojo.language_type", + "pk": 6, + "fields": { + "language": "ADSO/IDSM", + "color": "#D98880" + } +}, +{ + "model": "dojo.language_type", + "pk": 7, + "fields": { + "language": "Agda", + "color": "#CD6155" + } +}, +{ + "model": "dojo.language_type", + "pk": 8, + "fields": { + "language": "AMPLE", + "color": "#C0392B" + } +}, +{ + "model": "dojo.language_type", + "pk": 9, + "fields": { + "language": "Ant", + "color": "#A93226" + } +}, +{ + "model": "dojo.language_type", + "pk": 10, + "fields": { + "language": "ANTLR Grammar", + "color": "#641E16" + } +}, +{ + "model": "dojo.language_type", + "pk": 11, + "fields": { + "language": "Apex Trigger", + "color": "#FDEDEC" + } +}, +{ + "model": "dojo.language_type", + "pk": 12, + "fields": { + "language": "Arduino Sketch", + "color": "#FADBD8" + } +}, +{ + "model": "dojo.language_type", + "pk": 13, + "fields": { + "language": "AsciiDoc", + "color": "#F1948A" + } +}, +{ + "model": "dojo.language_type", + "pk": 14, + "fields": { + "language": "ASP", + "color": "#E74C3C" + } +}, +{ + "model": "dojo.language_type", + "pk": 15, + "fields": { + "language": "ASP.NET", + "color": "#CB4335" + } +}, +{ + "model": "dojo.language_type", + "pk": 16, + "fields": { + "language": "AspectJ", + "color": "#943126" + } +}, +{ + "model": "dojo.language_type", + "pk": 17, + "fields": { + "language": "Assembly", + "color": "#78281F" + } +}, +{ + "model": "dojo.language_type", + "pk": 18, + "fields": { + "language": "AutoHotkey", + "color": "#F5EEF8" + } +}, +{ + "model": "dojo.language_type", + "pk": 19, + "fields": { + "language": "awk", + "color": "#EBDEF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 20, + "fields": { + "language": "Blade", + "color": "#D7BDE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 21, + "fields": { + "language": "Bourne Again Shell", + "color": "#C39BD3" + } +}, +{ + "model": "dojo.language_type", + "pk": 22, + "fields": { + "language": "Bourne Shell", + "color": "#AF7AC5" + } +}, +{ + "model": "dojo.language_type", + "pk": 23, + "fields": { + "language": "BrightScript", + "color": "#884EA0" + } +}, +{ + "model": "dojo.language_type", + "pk": 24, + "fields": { + "language": "C", + "color": "#6C3483" + } +}, +{ + "model": "dojo.language_type", + "pk": 25, + "fields": { + "language": "C Shell", + "color": "#5B2C6F" + } +}, +{ + "model": "dojo.language_type", + "pk": 26, + "fields": { + "language": "C#", + "color": "#4A235A" + } +}, +{ + "model": "dojo.language_type", + "pk": 27, + "fields": { + "language": "C++", + "color": "#F4ECF7" + } +}, +{ + "model": "dojo.language_type", + "pk": 28, + "fields": { + "language": "C/C++ Header", + "color": "#E8DAEF" + } +}, +{ + "model": "dojo.language_type", + "pk": 29, + "fields": { + "language": "CCS", + "color": "#D2B4DE" + } +}, +{ + "model": "dojo.language_type", + "pk": 30, + "fields": { + "language": "Chapel", + "color": "#BB8FCE" + } +}, +{ + "model": "dojo.language_type", + "pk": 31, + "fields": { + "language": "Clean", + "color": "#8E44AD" + } +}, +{ + "model": "dojo.language_type", + "pk": 32, + "fields": { + "language": "Clojure", + "color": "#7D3C98" + } +}, +{ + "model": "dojo.language_type", + "pk": 33, + "fields": { + "language": "ClojureC", + "color": "#7D3C98" + } +}, +{ + "model": "dojo.language_type", + "pk": 34, + "fields": { + "language": "ClojureScript", + "color": "#5B2C6F" + } +}, +{ + "model": "dojo.language_type", + "pk": 35, + "fields": { + "language": "CMake", + "color": "#4A235A" + } +}, +{ + "model": "dojo.language_type", + "pk": 36, + "fields": { + "language": "COBOL", + "color": "#EAF2F8" + } +}, +{ + "model": "dojo.language_type", + "pk": 37, + "fields": { + "language": "CoffeeScript", + "color": "#D4E6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 38, + "fields": { + "language": "ColdFusion", + "color": "#D6EAF8" + } +}, +{ + "model": "dojo.language_type", + "pk": 39, + "fields": { + "language": "ColdFusion CFScript", + "color": "#A9CCE3" + } +}, +{ + "model": "dojo.language_type", + "pk": 40, + "fields": { + "language": "Coq", + "color": "#7FB3D5" + } +}, +{ + "model": "dojo.language_type", + "pk": 41, + "fields": { + "language": "Crystal", + "color": "#5499C7" + } +}, +{ + "model": "dojo.language_type", + "pk": 42, + "fields": { + "language": "CSON", + "color": "#1A5276" + } +}, +{ + "model": "dojo.language_type", + "pk": 43, + "fields": { + "language": "CSS", + "color": "#EBF5FB" + } +}, +{ + "model": "dojo.language_type", + "pk": 44, + "fields": { + "language": "Cucumber", + "color": "#D4E6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 45, + "fields": { + "language": "CUDA", + "color": "#7FB3D5" + } +}, +{ + "model": "dojo.language_type", + "pk": 46, + "fields": { + "language": "Cython", + "color": "#5499C7" + } +}, +{ + "model": "dojo.language_type", + "pk": 47, + "fields": { + "language": "D", + "color": "#2980B9" + } +}, +{ + "model": "dojo.language_type", + "pk": 48, + "fields": { + "language": "DAL", + "color": "#2471A3" + } +}, +{ + "model": "dojo.language_type", + "pk": 49, + "fields": { + "language": "Dart", + "color": "#1A5276" + } +}, +{ + "model": "dojo.language_type", + "pk": 50, + "fields": { + "language": "diff", + "color": "#154360" + } +}, +{ + "model": "dojo.language_type", + "pk": 51, + "fields": { + "language": "DITA", + "color": "#EBF5FB" + } +}, +{ + "model": "dojo.language_type", + "pk": 52, + "fields": { + "language": "DOS Batch", + "color": "#AED6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 53, + "fields": { + "language": "Drools", + "color": "#85C1E9" + } +}, +{ + "model": "dojo.language_type", + "pk": 54, + "fields": { + "language": "DTD", + "color": "#5DADE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 55, + "fields": { + "language": "dtrace", + "color": "#2980B9" + } +}, +{ + "model": "dojo.language_type", + "pk": 56, + "fields": { + "language": "ECPP", + "color": "#2471A3" + } +}, +{ + "model": "dojo.language_type", + "pk": 57, + "fields": { + "language": "EEx", + "color": "#1F618D" + } +}, +{ + "model": "dojo.language_type", + "pk": 58, + "fields": { + "language": "Elixir", + "color": "#154360" + } +}, +{ + "model": "dojo.language_type", + "pk": 59, + "fields": { + "language": "Elm", + "color": "#EBF5FB" + } +}, +{ + "model": "dojo.language_type", + "pk": 60, + "fields": { + "language": "ERB", + "color": "#D6EAF8" + } +}, +{ + "model": "dojo.language_type", + "pk": 61, + "fields": { + "language": "Erlang", + "color": "#AED6F1" + } +}, +{ + "model": "dojo.language_type", + "pk": 62, + "fields": { + "language": "Expect", + "color": "#85C1E9" + } +}, +{ + "model": "dojo.language_type", + "pk": 63, + "fields": { + "language": "F#", + "color": "#5DADE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 64, + "fields": { + "language": "F# Script", + "color": "#3498DB" + } +}, +{ + "model": "dojo.language_type", + "pk": 65, + "fields": { + "language": "Fish Shell", + "color": "#2E86C1" + } +}, +{ + "model": "dojo.language_type", + "pk": 66, + "fields": { + "language": "Focus", + "color": "#2874A6" + } +}, +{ + "model": "dojo.language_type", + "pk": 67, + "fields": { + "language": "Forth", + "color": "#1B4F72" + } +}, +{ + "model": "dojo.language_type", + "pk": 68, + "fields": { + "language": "Fortran 77", + "color": "#E8F8F5" + } +}, +{ + "model": "dojo.language_type", + "pk": 69, + "fields": { + "language": "Fortran 90", + "color": "#D1F2EB" + } +}, +{ + "model": "dojo.language_type", + "pk": 70, + "fields": { + "language": "Freemarker Template", + "color": "#" + } +}, +{ + "model": "dojo.language_type", + "pk": 71, + "fields": { + "language": "GDScript", + "color": "#A3E4D7" + } +}, +{ + "model": "dojo.language_type", + "pk": 72, + "fields": { + "language": "Gencat NLS", + "color": "#76D7C4" + } +}, +{ + "model": "dojo.language_type", + "pk": 73, + "fields": { + "language": "Glade", + "color": "#48C9B0" + } +}, +{ + "model": "dojo.language_type", + "pk": 74, + "fields": { + "language": "GLSL", + "color": "#1ABC9C" + } +}, +{ + "model": "dojo.language_type", + "pk": 75, + "fields": { + "language": "Go", + "color": "#17A589" + } +}, +{ + "model": "dojo.language_type", + "pk": 76, + "fields": { + "language": "Grails", + "color": "#148F77" + } +}, +{ + "model": "dojo.language_type", + "pk": 77, + "fields": { + "language": "GraphQL", + "color": "#117864" + } +}, +{ + "model": "dojo.language_type", + "pk": 78, + "fields": { + "language": "Groovy", + "color": "#0E6251" + } +}, +{ + "model": "dojo.language_type", + "pk": 79, + "fields": { + "language": "Haml", + "color": "#E8F6F3" + } +}, +{ + "model": "dojo.language_type", + "pk": 80, + "fields": { + "language": "Handlebars", + "color": "#A3E4D7" + } +}, +{ + "model": "dojo.language_type", + "pk": 81, + "fields": { + "language": "Harbour", + "color": "#76D7C4" + } +}, +{ + "model": "dojo.language_type", + "pk": 82, + "fields": { + "language": "Haskell", + "color": "#48C9B0" + } +}, +{ + "model": "dojo.language_type", + "pk": 83, + "fields": { + "language": "Haxe", + "color": "#1ABC9C" + } +}, +{ + "model": "dojo.language_type", + "pk": 84, + "fields": { + "language": "HCL", + "color": "#17A589" + } +}, +{ + "model": "dojo.language_type", + "pk": 85, + "fields": { + "language": "HLSL", + "color": "#148F77" + } +}, +{ + "model": "dojo.language_type", + "pk": 86, + "fields": { + "language": "HTML", + "color": "#117864" + } +}, +{ + "model": "dojo.language_type", + "pk": 87, + "fields": { + "language": "IDL", + "color": "#0E6251" + } +}, +{ + "model": "dojo.language_type", + "pk": 88, + "fields": { + "language": "Idris", + "color": "#0B5345" + } +}, +{ + "model": "dojo.language_type", + "pk": 89, + "fields": { + "language": "InstallShield", + "color": "#D4EFDF" + } +}, +{ + "model": "dojo.language_type", + "pk": 90, + "fields": { + "language": "Java", + "color": "#A9DFBF" + } +}, +{ + "model": "dojo.language_type", + "pk": 91, + "fields": { + "language": "JavaScript", + "color": "#7DCEA0" + } +}, +{ + "model": "dojo.language_type", + "pk": 92, + "fields": { + "language": "JavaServer Faces", + "color": "#52BE80" + } +}, +{ + "model": "dojo.language_type", + "pk": 93, + "fields": { + "language": "JCL", + "color": "#27AE60" + } +}, +{ + "model": "dojo.language_type", + "pk": 94, + "fields": { + "language": "JSON", + "color": "#229954" + } +}, +{ + "model": "dojo.language_type", + "pk": 95, + "fields": { + "language": "JSP", + "color": "#1E8449" + } +}, +{ + "model": "dojo.language_type", + "pk": 97, + "fields": { + "language": "JSX", + "color": "#196F3D" + } +}, +{ + "model": "dojo.language_type", + "pk": 98, + "fields": { + "language": "Julia", + "color": "#0B5345" + } +}, +{ + "model": "dojo.language_type", + "pk": 99, + "fields": { + "language": "Kermit", + "color": "#800000" + } +}, +{ + "model": "dojo.language_type", + "pk": 100, + "fields": { + "language": "Korn Shell", + "color": "#A52A2A" + } +}, +{ + "model": "dojo.language_type", + "pk": 101, + "fields": { + "language": "Kotlin", + "color": "#A0522D" + } +}, +{ + "model": "dojo.language_type", + "pk": 102, + "fields": { + "language": "Lean", + "color": "#8B4513" + } +}, +{ + "model": "dojo.language_type", + "pk": 103, + "fields": { + "language": "LESS", + "color": "#D2691E" + } +}, +{ + "model": "dojo.language_type", + "pk": 104, + "fields": { + "language": "lex", + "color": "#CD853F" + } +}, +{ + "model": "dojo.language_type", + "pk": 105, + "fields": { + "language": "LFE", + "color": "#DAA520" + } +}, +{ + "model": "dojo.language_type", + "pk": 106, + "fields": { + "language": "liquid", + "color": "#F4A460" + } +}, +{ + "model": "dojo.language_type", + "pk": 107, + "fields": { + "language": "Lisp", + "color": "#BC8F8F" + } +}, +{ + "model": "dojo.language_type", + "pk": 108, + "fields": { + "language": "Literate Idris", + "color": "#D2B48C" + } +}, +{ + "model": "dojo.language_type", + "pk": 109, + "fields": { + "language": "LiveLink OScript", + "color": "#DEB887" + } +}, +{ + "model": "dojo.language_type", + "pk": 110, + "fields": { + "language": "Logtalk", + "color": "#F5DEB3" + } +}, +{ + "model": "dojo.language_type", + "pk": 111, + "fields": { + "language": "Lua", + "color": "#FFDEAD" + } +}, +{ + "model": "dojo.language_type", + "pk": 112, + "fields": { + "language": "m4", + "color": "#FFE4C4" + } +}, +{ + "model": "dojo.language_type", + "pk": 113, + "fields": { + "language": "make", + "color": "#FFEBCD" + } +}, +{ + "model": "dojo.language_type", + "pk": 114, + "fields": { + "language": "Mako", + "color": "#FFF8DC" + } +}, +{ + "model": "dojo.language_type", + "pk": 115, + "fields": { + "language": "Markdown", + "color": "#2F4F4F" + } +}, +{ + "model": "dojo.language_type", + "pk": 116, + "fields": { + "language": "Mathematica", + "color": "#708090" + } +}, +{ + "model": "dojo.language_type", + "pk": 117, + "fields": { + "language": "MATLAB", + "color": "#778899" + } +}, +{ + "model": "dojo.language_type", + "pk": 118, + "fields": { + "language": "Maven", + "color": "#696969" + } +}, +{ + "model": "dojo.language_type", + "pk": 119, + "fields": { + "language": "Modula3", + "color": "#808080" + } +}, +{ + "model": "dojo.language_type", + "pk": 120, + "fields": { + "language": "MSBuild script", + "color": "#A9A9A9" + } +}, +{ + "model": "dojo.language_type", + "pk": 121, + "fields": { + "language": "MUMPS", + "color": "#FFE4E1" + } +}, +{ + "model": "dojo.language_type", + "pk": 122, + "fields": { + "language": "Mustache", + "color": "#FFF0F5" + } +}, +{ + "model": "dojo.language_type", + "pk": 123, + "fields": { + "language": "MXML", + "color": "#FAEBD7" + } +}, +{ + "model": "dojo.language_type", + "pk": 124, + "fields": { + "language": "NAnt script", + "color": "#FFFFF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 125, + "fields": { + "language": "NASTRAN DMAP", + "color": "#FFFAF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 126, + "fields": { + "language": "Nemerle", + "color": "#FDF5E6" + } +}, +{ + "model": "dojo.language_type", + "pk": 127, + "fields": { + "language": "Nim", + "color": "#F5F5DC" + } +}, +{ + "model": "dojo.language_type", + "pk": 128, + "fields": { + "language": "Objective C", + "color": "#cc00cc" + } +}, +{ + "model": "dojo.language_type", + "pk": 129, + "fields": { + "language": "Objective C++", + "color": "#ff9966" + } +}, +{ + "model": "dojo.language_type", + "pk": 130, + "fields": { + "language": "OCaml", + "color": "#F8F8FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 131, + "fields": { + "language": "OpenCL", + "color": "#F0F8FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 132, + "fields": { + "language": "Oracle Forms", + "color": "#F0FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 133, + "fields": { + "language": "Oracle PL/SQL", + "color": "#F5FFFA" + } +}, +{ + "model": "dojo.language_type", + "pk": 134, + "fields": { + "language": "Oracle Reports", + "color": "#F0FFF0" + } +}, +{ + "model": "dojo.language_type", + "pk": 135, + "fields": { + "language": "Pascal", + "color": "#FFFAFA" + } +}, +{ + "model": "dojo.language_type", + "pk": 136, + "fields": { + "language": "Pascal/Puppet", + "color": "#C71585" + } +}, +{ + "model": "dojo.language_type", + "pk": 137, + "fields": { + "language": "Patran Command Language", + "color": "#DB7093" + } +}, +{ + "model": "dojo.language_type", + "pk": 138, + "fields": { + "language": "Perl", + "color": "#FF1493" + } +}, +{ + "model": "dojo.language_type", + "pk": 139, + "fields": { + "language": "PHP", + "color": "#FF69B4" + } +}, +{ + "model": "dojo.language_type", + "pk": 140, + "fields": { + "language": "PHP/Pascal", + "color": "#FFB6C1" + } +}, +{ + "model": "dojo.language_type", + "pk": 141, + "fields": { + "language": "PL/I", + "color": "#FFC0CB" + } +}, +{ + "model": "dojo.language_type", + "pk": 143, + "fields": { + "language": "PL/M", + "color": "#4B0082" + } +}, +{ + "model": "dojo.language_type", + "pk": 144, + "fields": { + "language": "PowerBuilder", + "color": "#800080" + } +}, +{ + "model": "dojo.language_type", + "pk": 145, + "fields": { + "language": "PowerShell", + "color": "#8B008B" + } +}, +{ + "model": "dojo.language_type", + "pk": 146, + "fields": { + "language": "ProGuard", + "color": "#9932CC" + } +}, +{ + "model": "dojo.language_type", + "pk": 147, + "fields": { + "language": "Prolog", + "color": "#9400D3" + } +}, +{ + "model": "dojo.language_type", + "pk": 148, + "fields": { + "language": "Protocol Buffers", + "color": "#8A2BE2" + } +}, +{ + "model": "dojo.language_type", + "pk": 149, + "fields": { + "language": "Pug", + "color": "#9370DB" + } +}, +{ + "model": "dojo.language_type", + "pk": 150, + "fields": { + "language": "PureScript", + "color": "#BA55D3" + } +}, +{ + "model": "dojo.language_type", + "pk": 151, + "fields": { + "language": "QML", + "color": "#FF00FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 152, + "fields": { + "language": "Qt", + "color": "#FF00FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 153, + "fields": { + "language": "Qt Linguist", + "color": "#DA70D6" + } +}, +{ + "model": "dojo.language_type", + "pk": 154, + "fields": { + "language": "Qt Project", + "color": "#EE82EE" + } +}, +{ + "model": "dojo.language_type", + "pk": 155, + "fields": { + "language": "R", + "color": "#DDA0DD" + } +}, +{ + "model": "dojo.language_type", + "pk": 156, + "fields": { + "language": "Racket", + "color": "#D8BFD8" + } +}, +{ + "model": "dojo.language_type", + "pk": 157, + "fields": { + "language": "RAML", + "color": "#E6E6FA" + } +}, +{ + "model": "dojo.language_type", + "pk": 158, + "fields": { + "language": "RapydScript", + "color": "#483D8B" + } +}, +{ + "model": "dojo.language_type", + "pk": 159, + "fields": { + "language": "Razor", + "color": "#6A5ACD" + } +}, +{ + "model": "dojo.language_type", + "pk": 160, + "fields": { + "language": "Rexx", + "color": "#7B68EE" + } +}, +{ + "model": "dojo.language_type", + "pk": 161, + "fields": { + "language": "RobotFramework", + "color": "#191970" + } +}, +{ + "model": "dojo.language_type", + "pk": 162, + "fields": { + "language": "Ruby", + "color": "#000080" + } +}, +{ + "model": "dojo.language_type", + "pk": 163, + "fields": { + "language": "Ruby HTML", + "color": "#00008B" + } +}, +{ + "model": "dojo.language_type", + "pk": 164, + "fields": { + "language": "Rust", + "color": "#0000CD" + } +}, +{ + "model": "dojo.language_type", + "pk": 165, + "fields": { + "language": "SAS", + "color": "#0000FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 166, + "fields": { + "language": "Sass", + "color": "#4169E1" + } +}, +{ + "model": "dojo.language_type", + "pk": 167, + "fields": { + "language": "Scala", + "color": "#4682B4" + } +}, +{ + "model": "dojo.language_type", + "pk": 168, + "fields": { + "language": "Scheme", + "color": "#6495ED" + } +}, +{ + "model": "dojo.language_type", + "pk": 169, + "fields": { + "language": "sed", + "color": "#1E90FF" + } +}, +{ + "model": "dojo.language_type", + "pk": 170, + "fields": { + "language": "SKILL", + "color": "#B0C4DE" + } +}, +{ + "model": "dojo.language_type", + "pk": 171, + "fields": { + "language": "SKILL++", + "color": "#00BFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 172, + "fields": { + "language": "Skylark", + "color": "#87CEEB" + } +}, +{ + "model": "dojo.language_type", + "pk": 173, + "fields": { + "language": "Slice", + "color": "#87CEFA" + } +}, +{ + "model": "dojo.language_type", + "pk": 174, + "fields": { + "language": "Slim", + "color": "#ADD8E6" + } +}, +{ + "model": "dojo.language_type", + "pk": 175, + "fields": { + "language": "Smalltalk", + "color": "#B0E0E6" + } +}, +{ + "model": "dojo.language_type", + "pk": 176, + "fields": { + "language": "Smarty", + "color": "#008080" + } +}, +{ + "model": "dojo.language_type", + "pk": 177, + "fields": { + "language": "Softbridge Basic", + "color": "#008B8B" + } +}, +{ + "model": "dojo.language_type", + "pk": 179, + "fields": { + "language": "Solidity", + "color": "#5F9EA0" + } +}, +{ + "model": "dojo.language_type", + "pk": 180, + "fields": { + "language": "Specman e", + "color": "#20B2AA" + } +}, +{ + "model": "dojo.language_type", + "pk": 181, + "fields": { + "language": "SQL", + "color": "#00CED1" + } +}, +{ + "model": "dojo.language_type", + "pk": 182, + "fields": { + "language": "SQL Data", + "color": "#48D1CC" + } +}, +{ + "model": "dojo.language_type", + "pk": 183, + "fields": { + "language": "SQL Stored Procedure", + "color": "#40E0D0" + } +}, +{ + "model": "dojo.language_type", + "pk": 184, + "fields": { + "language": "Standard ML", + "color": "#AFEEEE" + } +}, +{ + "model": "dojo.language_type", + "pk": 185, + "fields": { + "language": "Stata", + "color": "#66CDAA" + } +}, +{ + "model": "dojo.language_type", + "pk": 186, + "fields": { + "language": "Stylus", + "color": "#7FFFD4" + } +}, +{ + "model": "dojo.language_type", + "pk": 187, + "fields": { + "language": "Swift", + "color": "#00FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 188, + "fields": { + "language": "SWIG", + "color": "#00FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 189, + "fields": { + "language": "Tcl/Tk", + "color": "#E0FFFF" + } +}, +{ + "model": "dojo.language_type", + "pk": 190, + "fields": { + "language": "Teamcenter met", + "color": "#6B8E23" + } +}, +{ + "model": "dojo.language_type", + "pk": 191, + "fields": { + "language": "Teamcenter mth", + "color": "#556B2F" + } +}, +{ + "model": "dojo.language_type", + "pk": 192, + "fields": { + "language": "TeX", + "color": "#808000" + } +}, +{ + "model": "dojo.language_type", + "pk": 193, + "fields": { + "language": "TITAN Project File Information", + "color": "#2E8B57" + } +}, +{ + "model": "dojo.language_type", + "pk": 194, + "fields": { + "language": "Titanium Style Sheet", + "color": "#3CB371" + } +}, +{ + "model": "dojo.language_type", + "pk": 195, + "fields": { + "language": "TOML", + "color": "#8FBC8F" + } +}, +{ + "model": "dojo.language_type", + "pk": 196, + "fields": { + "language": "TTCN", + "color": "#00FA9A" + } +}, +{ + "model": "dojo.language_type", + "pk": 197, + "fields": { + "language": "Twig", + "color": "#006400" + } +}, +{ + "model": "dojo.language_type", + "pk": 198, + "fields": { + "language": "TypeScript", + "color": "#228B22" + } +}, +{ + "model": "dojo.language_type", + "pk": 199, + "fields": { + "language": "Unity-Prefab", + "color": "#00FF00" + } +}, +{ + "model": "dojo.language_type", + "pk": 200, + "fields": { + "language": "Vala", + "color": "#32CD32" + } +}, +{ + "model": "dojo.language_type", + "pk": 201, + "fields": { + "language": "Vala Header", + "color": "#FFFF00" + } +}, +{ + "model": "dojo.language_type", + "pk": 202, + "fields": { + "language": "Velocity Template Language", + "color": "#BDB76B" + } +}, +{ + "model": "dojo.language_type", + "pk": 203, + "fields": { + "language": "Verilog-SystemVerilog", + "color": "#F0E68C" + } +}, +{ + "model": "dojo.language_type", + "pk": 204, + "fields": { + "language": "VHDL", + "color": "#EEE8AA" + } +}, +{ + "model": "dojo.language_type", + "pk": 205, + "fields": { + "language": "vim script", + "color": "#FFDAB9" + } +}, +{ + "model": "dojo.language_type", + "pk": 206, + "fields": { + "language": "Visual Basic", + "color": "#FFE4B5" + } +}, +{ + "model": "dojo.language_type", + "pk": 207, + "fields": { + "language": "Visual Fox Pro", + "color": "#FFEFD5" + } +}, +{ + "model": "dojo.language_type", + "pk": 208, + "fields": { + "language": "Visualforce Component", + "color": "#FAFAD2" + } +}, +{ + "model": "dojo.language_type", + "pk": 209, + "fields": { + "language": "Visualforce Page", + "color": "#FFFACD" + } +}, +{ + "model": "dojo.language_type", + "pk": 210, + "fields": { + "language": "Vuejs Component", + "color": "#FFFFE0" + } +}, +{ + "model": "dojo.language_type", + "pk": 211, + "fields": { + "language": "Windows Message File", + "color": "#FF8C00" + } +}, +{ + "model": "dojo.language_type", + "pk": 212, + "fields": { + "language": "Windows Module Definition", + "color": "#FFA500" + } +}, +{ + "model": "dojo.language_type", + "pk": 213, + "fields": { + "language": "Windows Resource File", + "color": "#FFD700" + } +}, +{ + "model": "dojo.language_type", + "pk": 214, + "fields": { + "language": "WiX include", + "color": "#FF4500" + } +}, +{ + "model": "dojo.language_type", + "pk": 215, + "fields": { + "language": "WiX source", + "color": "#FF6347" + } +}, +{ + "model": "dojo.language_type", + "pk": 216, + "fields": { + "language": "WiX string localization", + "color": "#FF7F50" + } +}, +{ + "model": "dojo.language_type", + "pk": 217, + "fields": { + "language": "XAML", + "color": "#8B0000" + } +}, +{ + "model": "dojo.language_type", + "pk": 218, + "fields": { + "language": "xBase", + "color": "#FF0000" + } +}, +{ + "model": "dojo.language_type", + "pk": 219, + "fields": { + "language": "xBase Header", + "color": "#B22222" + } +}, +{ + "model": "dojo.language_type", + "pk": 220, + "fields": { + "language": "XHTML", + "color": "#DC143C" + } +}, +{ + "model": "dojo.language_type", + "pk": 221, + "fields": { + "language": "XMI", + "color": "#CD5C5C" + } +}, +{ + "model": "dojo.language_type", + "pk": 222, + "fields": { + "language": "XML", + "color": "#F08080" + } +}, +{ + "model": "dojo.language_type", + "pk": 223, + "fields": { + "language": "XQuery", + "color": "#E9967A" + } +}, +{ + "model": "dojo.language_type", + "pk": 224, + "fields": { + "language": "XSD", + "color": "#FA8072" + } +}, +{ + "model": "dojo.language_type", + "pk": 225, + "fields": { + "language": "XSLT", + "color": "#FFA07A" + } +}, +{ + "model": "dojo.language_type", + "pk": 226, + "fields": { + "language": "yacc", + "color": "#f0ffff" + } +}, +{ + "model": "dojo.language_type", + "pk": 227, + "fields": { + "language": "YAML", + "color": "#c1cdcd" + } +}, +{ + "model": "dojo.language_type", + "pk": 228, + "fields": { + "language": "zsh", + "color": "#8b7d6b" + } +}, +{ + "model": "dojo.languages", + "pk": 1, + "fields": { + "language": 90, + "product": 1, + "user": [ + "admin" + ], + "files": 500, + "blank": 100, + "comment": 199, + "code": 15000, + "created": "2021-11-04T09:00:09.802Z" + } +}, +{ + "model": "dojo.languages", + "pk": 2, + "fields": { + "language": 2, + "product": 1, + "user": [ + "admin" + ], + "files": 1, + "blank": 2, + "comment": 2, + "code": 200, + "created": "2021-11-04T09:01:32.568Z" + } +}, +{ + "model": "dojo.languages", + "pk": 3, + "fields": { + "language": 91, + "product": 1, + "user": [ + "admin" + ], + "files": 15, + "blank": 9, + "comment": 10, + "code": 800, + "created": "2021-11-04T09:01:32.581Z" + } +}, +{ + "model": "dojo.languages", + "pk": 4, + "fields": { + "language": 222, + "product": 1, + "user": [ + "admin" + ], + "files": 10, + "blank": 1, + "comment": 8, + "code": 200, + "created": "2021-11-04T09:13:05.769Z" + } +}, +{ + "model": "dojo.app_analysis", + "pk": 1, + "fields": { + "product": 1, + "name": "Tomcat", + "user": [ + "admin" + ], + "confidence": 100, + "version": "8.5.1", + "icon": null, + "website": null, + "website_found": null, + "created": "2021-11-04T09:20:33.477Z", + "tags": [] + } +}, +{ + "model": "dojo.objects_review", + "pk": 1, + "fields": { + "name": "Untracked", + "created": "2021-06-04T07:43:45.626Z" + } +}, +{ + "model": "dojo.objects_review", + "pk": 2, + "fields": { + "name": "Manual Code Review Required", + "created": "2021-06-05T06:44:08.110Z" + } +}, +{ + "model": "dojo.objects_review", + "pk": 3, + "fields": { + "name": "Manual Code Review and Create Test", + "created": "2021-06-08T13:12:41.078Z" + } +}, +{ + "model": "dojo.benchmark_type", + "pk": 1, + "fields": { + "name": "OWASP ASVS", + "version": "v. 3.1", + "benchmark_source": "OWASP ASVS", + "created": "2021-06-22T12:28:05.635Z", + "updated": "2021-06-22T12:32:16.088Z", + "enabled": true + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 1, + "fields": { + "type": 1, + "name": "V7: Cryptography Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That all cryptographic modules fail in a secure manner and that errors are handled correctly.\r\n* That a suitable random number generator is used when randomness is required.\r\n* That access to keys is managed in a secure way.", + "references": "* [OWASP Testing Guide 4.0: Testing for weak Cryptography](https://www.owasp.org/index.php/Testing_for_weak_Cryptography)\r\n* [OWASP Cheat Sheet: Cryptographic Storage](https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-22T12:32:50.575Z", + "updated": "2021-06-22T12:32:50.575Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 2, + "fields": { + "type": 1, + "name": "V2: Authentication Verification Requirements", + "objective": "Authentication is the act of establishing, or confirming, something (or someone) as authentic, that is, that claims made by or about the thing are true. Ensure that a verified application satisfies the following high level requirements:\r\n\r\nVerifies the digital identity of the sender of a communication. Ensures that only those authorised are able to authenticate and credentials are transported in a secure manner.", + "references": "* https://www.owasp.org/index.php/Testing_for_authentication\r\n* https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Choosing_and_Using_Security_Questions_Cheat_Sheet", + "enabled": true, + "created": "2021-06-28T12:34:11.372Z", + "updated": "2021-06-28T12:34:11.372Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 3, + "fields": { + "type": 1, + "name": "V1: Architecture, Design and Threat Modeling Requirements", + "objective": "In a perfect world, security would be considered throughout all phases of development. In reality however, security is often only a consideration at a late stage in the SDLC. Besides the technical controls, the ASVS requires processes to be in place that ensure that the security has been explicitly addressed when planning the architecture of the application or API, and that the functional and security roles of all components are known. Since single page applications and act as clients to remote API or services, it must be ensured that appropriate security standards are also applied to those services - testing the app in isolation is not sufficient.\r\n\r\nThe category lists requirements pertaining to architecture and design of the app. As such, this is the only category that does not map to technical test cases in the OWASP Testing Guide. To cover topics such as threat modelling, secure SDLC, key management, users of the ASVS should consult the respective OWASP projects and/or other standards such as the ones linked below.", + "references": "* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Threat_Modeling\r\n* https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet\r\n* https://www.microsoft.com/en-us/sdl/\r\n* http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf", + "enabled": true, + "created": "2021-06-29T09:43:01.380Z", + "updated": "2021-06-29T09:43:01.380Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 4, + "fields": { + "type": 1, + "name": "V3: Session Management Verification Requirements", + "objective": "One of the core components of any web-based application is the mechanism by which it controls and maintains the state for a user interacting with it. This is referred to this as Session Management and is defined as the set of all controls governing state-full interaction between a user and the web-based application.\r\n\r\nEnsure that a verified application satisfies the following high level session management requirements:\r\n\r\n* Sessions are unique to each individual and cannot be guessed or shared\r\n* Sessions are invalidated when no longer required and timed out during periods of inactivity.", + "references": "* https://www.owasp.org/index.php/Testing_for_Session_Management\r\n* https://www.owasp.org/index.php/Session_Management_Cheat_Sheet", + "enabled": true, + "created": "2021-06-29T09:46:43.544Z", + "updated": "2021-06-29T09:46:43.544Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 5, + "fields": { + "type": 1, + "name": "V4: Access Control Verification Requirements", + "objective": "Authorization is the concept of allowing access to resources only to those permitted to use them. Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Persons accessing resources holds valid credentials to do so.\r\n* Users are associated with a well-defined set of roles and privileges.\r\n* Role and permission metadata is protected from replay or tampering.", + "references": "* [OWASP Testing Guide 4.0: Authorization](https://www.owasp.org/index.php/Testing_for_Authorization)\r\n* [OWASP Cheat Sheet: Access Control](https://www.owasp.org/index.php/Access_Control_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T11:08:56.925Z", + "updated": "2021-06-29T11:08:56.925Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 6, + "fields": { + "type": 1, + "name": "V5: Input Validation and Output Encoding Verification Requirements", + "objective": "The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.\r\n\r\nEnsure that a verified application satisfies the following high level requirements:\r\n\r\n* All input is validated to be correct and fit for the intended purpose.\r\n* Data from an external entity or client should never be trusted and should be handled accordingly.", + "references": "* [OWASP Testing Guide 4.0: Input Validation Testing](https://www.owasp.org/index.php/Testing_for_Input_Validation)\r\n* [OWASP Cheat Sheet: Input Validation](https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Testing for HTTP Parameter Pollution](https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OTG-INPVAL-004%29)\r\n* [OWASP LDAP Injection Cheat Sheet ](https://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Client Side Testing ](https://www.owasp.org/index.php/Client_Side_Testing)\r\n* [OWASP Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet)\r\n* [OWASP DOM Based Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet)\r\n* [OWASP Java Encoding Project](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project)\r\n\r\nFor more information on auto-escaping, please see:\r\n\r\n* [Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems](http://googleonlinesecurity.blogspot.com/2009/03/reducing-xss-by-way-of-automatic.html)\r\n* [AngularJS Strict Contextual Escaping](https://docs.angularjs.org/api/ng/service/$sce)\r\n* [ReactJS Escaping](https://reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks)\r\n* [Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html)", + "enabled": true, + "created": "2021-06-29T11:18:52.073Z", + "updated": "2021-06-29T11:18:52.073Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 7, + "fields": { + "type": 1, + "name": "V8: Error Handling and Logging Verification Requirements", + "objective": "The primary objective of error handling and logging is to provide a useful reaction by the user, administrators, and incident response teams. The objective is not to create massive amounts of logs, but high quality logs, with more signal than discarded noise.\r\n\r\nHigh quality logs will often contain sensitive data, and must be protected as per local data privacy laws or directives. This should include:\r\n\r\n* Not collecting or logging sensitive information if not specifically required.\r\n* Ensuring all logged information is handled securely and protected as per its data classification.\r\n* Ensuring that logs are not forever, but have an absolute lifetime that is as short as possible.\r\n\r\nIf logs contain private or sensitive data, the definition of which varies from country to country, the logs become some of the most sensitive information held by the application and thus very attractive to attackers in their own right.", + "references": "* [OWASP Testing Guide 4.0 content: Testing for Error Handling](https://www.owasp.org/index.php/Testing_for_Error_Handling)", + "enabled": true, + "created": "2021-06-29T11:35:35.432Z", + "updated": "2021-06-29T11:35:35.432Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 8, + "fields": { + "type": 1, + "name": "V9: Data Protection Verification Requirements", + "objective": "There are three key elements to sound data protection: Confidentiality, Integrity and Availability (CIA). This standard assumes that data protection is enforced on a trusted system, such as a server, which has been hardened and has sufficient protections.\r\n\r\nApplications have to assume that all user devices are compromised in some way. Where an application transmits or stores sensitive information on insecure devices, such as shared computers, phones and tablets, the application is responsible for ensuring data stored on these devices is encrypted and cannot be easily illicitly obtained, altered or disclosed.\r\n\r\nEnsure that a verified application satisfies the following high level data protection requirements:\r\n\r\n*\tConfidentiality: Data should be protected from unauthorised observation or disclosure both in transit and when stored.\r\n*\tIntegrity: Data should be protected being maliciously created, altered or deleted by unauthorized attackers.\r\n*\tAvailability: Data should be available to authorized users as required", + "references": "* [Consider using Security Headers website to check security and anti-caching headers](https://securityheaders.io)\r\n* [OWASP Secure Headers project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)\r\n* [User Privacy Protection Cheat Sheet](https://www.owasp.org/index.php/User_Privacy_Protection_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T12:24:47.748Z", + "updated": "2021-06-29T12:24:47.748Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 9, + "fields": { + "type": 1, + "name": "V10: Communications Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That TLS is used where sensitive data is transmitted.\r\n* That strong algorithms and ciphers are used at all times.", + "references": "* [OWASP TLS Cheat Sheet. ](https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet)\r\n* [Notes on Approved modes of TLS. In the past, the ASVS referred to the US standard FIPS 140-2, but as a global standard, applying US standards this can be difficult, contradictory, or confusing to apply. A better method of achieving compliance with 10.8 would be to review guides such as (https://wiki.mozilla.org/Security/Server_Side_TLS), generate known good configurations (https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known TLS evaluation tools, such as sslyze, various vulnerability scanners or trusted TLS online assessment services to obtain a desired level of security. In general, we see non-compliance for this section being the use of outdated or insecure ciphers and algorithms, the lack of perfect forward secrecy, outdated or insecure SSL protocols, weak preferred ciphers, and so on.]\r\n* [Certificate pinning. For more information please review ](https://tools.ietf.org/html/rfc7469.)The rationale behind certificate pinning for production and backup keys is business continuity - see (https://noncombatant.org/2015/05/01/about-http-public-key-pinning/)\r\n* [OWASP Certificate Pinning Cheat Sheet](https://www.owasp.org/index.php/Pinning_Cheat_Sheet)\r\n* [OWASP Certificate and Public Key Pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning)\r\n* [Time of first use (TOFU) Pinning](https://developer.mozilla.org/en/docs/Web/Security/Public_Key_Pinning)\r\n* [Pre-loading HTTP Strict Transport Security](https://www.chromium.org/hsts)", + "enabled": true, + "created": "2021-06-29T17:57:07.587Z", + "updated": "2021-06-29T17:57:07.587Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 10, + "fields": { + "type": 1, + "name": "V13: Malicious Code Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Malicious activity is handled securely and properly as to not affect the rest of the application.\r\n* Do not have time bombs or other time based attacks built into them\r\n* Do not phone home to malicious or unauthorized destinations\r\n* Applications do not have back doors, Easter eggs, salami attacks, or logic flaws that can be controlled by an attacker\r\n\r\nMalicious code is extremely rare, and is difficult to detect. Manual line by line code review can assist looking for logic bombs, but even the most experienced code reviewer will struggle to find malicious code even if they know it exists. This section is not possible to complete without access to source code, including as many third party libraries as possible.", + "references": "", + "enabled": true, + "created": "2021-06-29T18:11:08.320Z", + "updated": "2021-06-29T18:11:08.320Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 11, + "fields": { + "type": 1, + "name": "V15: Business Logic Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* The business logic flow is sequential and in order\r\n* Business logic includes limits to detect and prevent automated attacks, such as continuous small funds transfers, or adding a million friends one at a time, and so on.\r\n* High value business logic flows have considered abuse cases and malicious actors, and have protections against spoofing, tampering, repudiation, information disclosure, and elevation of privilege attacks.", + "references": "* [OWASP Testing Guide 4.0: Business Logic Testing ](https://www.owasp.org/index.php/Testing_for_business_logic)\r\n* [OWASP Cheat Sheet](https://www.owasp.org/index.php/Business_Logic_Security_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T18:13:46.162Z", + "updated": "2021-06-29T18:13:46.162Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 12, + "fields": { + "type": 1, + "name": "V16: File and Resources Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Untrusted file data should be handled accordingly and in a secure manner\r\n* Obtained from untrusted sources are stored outside the webroot and limited permissions.", + "references": "", + "enabled": true, + "created": "2021-06-29T18:23:02.384Z", + "updated": "2021-06-29T18:23:02.384Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 13, + "fields": { + "type": 1, + "name": "V18: API and Web Service Verification Requirements", + "objective": "Ensure that a verified application that uses RESTful or SOAP based web services has:\r\n\r\n* Adequate authentication, session management and authorization of all web services\r\n* Input validation of all parameters that transit from a lower to higher trust level\r\n* Basic interoperability of SOAP web services layer to promote API use", + "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)\r\n* [OWASP Cross-Site Request Forgery cheat sheet](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet)\r\n* [JSON Web Tokens (and Signing)](https://jwt.io/)", + "enabled": true, + "created": "2021-06-29T18:35:16.622Z", + "updated": "2021-06-29T18:35:16.622Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 14, + "fields": { + "type": 1, + "name": "V19: Configuration Verification Requirements", + "objective": "* Up to date libraries and platform(s).\r\n* A secure by default configuration.\r\n* Sufficient hardening that user initiated changes to default configuration do not unnecessarily expose or create security weaknesses or flaws to underlying systems.", + "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)", + "enabled": true, + "created": "2021-06-29T18:35:55.518Z", + "updated": "2021-06-29T18:35:55.518Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 15, + "fields": { + "type": 1, + "name": "V20: Internet of Things Verification Requirements", + "objective": "Embedded/IoT devices should:\r\n\r\n* Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.\r\n* Sensitive data stored on the device should be done so in a secure manner.\r\n* All sensitive data transmitted from the device should utilize transport layer security.", + "references": "* [OWASP Internet of Things Top 10](https://www.owasp.org/files/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf)\r\n* [OWASP Internet of Things Project](https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project)\r\n* [Trudy TCP Proxy Tool](https://github.com/praetorian-inc/trudy)", + "enabled": true, + "created": "2021-06-29T18:36:37.446Z", + "updated": "2021-06-29T18:36:37.446Z" + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 1, + "fields": { + "category": 1, + "objective_number": "7.2", + "objective": "Verify that all cryptographic modules fail securely, and errors are handled in a way that does not enable Padding Oracle.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-22T12:37:28.273Z", + "updated": "2021-06-22T12:37:28.273Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 2, + "fields": { + "category": 1, + "objective_number": "7.6", + "objective": "Verify that all random numbers, random file names, random GUIDs, and random strings are generated using the cryptographic modules approved random number generator when these random values are intended to be not guessable by an attacker.\",", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-23T08:40:34.631Z", + "updated": "2021-06-23T08:40:34.631Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 3, + "fields": { + "category": 1, + "objective_number": "7.7", + "objective": "Verify that cryptographic algorithms used by the application have been validated against FIPS 140-2 or an equivalent standard.", + "references": "", + "level_1": true, + "level_2": false, + "level_3": false, + "enabled": true, + "created": "2021-06-23T12:55:37.713Z", + "updated": "2021-06-23T12:55:37.713Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 4, + "fields": { + "category": 2, + "objective_number": "2.1", + "objective": "Verify all pages and resources are protected by server-side authentication, except those specifically intended to be public.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-28T13:07:20.805Z", + "updated": "2021-06-28T13:07:20.805Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 5, + "fields": { + "category": 3, + "objective_number": "1.1", + "objective": "All app components are identified and known to be needed.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:51:05.383Z", + "updated": "2021-06-29T09:51:05.383Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 6, + "fields": { + "category": 3, + "objective_number": "1.2", + "objective": "Security controls are never enforced only on the client side, but on the respective remote endpoints.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:09.763Z", + "updated": "2021-06-29T09:52:09.763Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 7, + "fields": { + "category": 3, + "objective_number": "1.3", + "objective": "A high-level architecture for the application and all connected remote services has been defined and security has been addressed in that architecture.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:27.454Z", + "updated": "2021-06-29T09:52:27.454Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 8, + "fields": { + "category": 3, + "objective_number": "1.4", + "objective": "Data considered sensitive in the context of the application is clearly identified.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:59.300Z", + "updated": "2021-06-29T09:52:59.300Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 9, + "fields": { + "category": 3, + "objective_number": "1.5", + "objective": "All app components are defined in terms of the business functions and/or security functions they provide.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:53:42.466Z", + "updated": "2021-06-29T09:53:42.466Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 11, + "fields": { + "category": 3, + "objective_number": "1.6", + "objective": "A threat model for the application and the associated remote services has been produced that identifies potential threats and countermeasures.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:54:29.724Z", + "updated": "2021-06-29T09:54:29.724Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 12, + "fields": { + "category": 3, + "objective_number": "1.7", + "objective": "All security controls have a centralized implementation.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:54:45.671Z", + "updated": "2021-06-29T09:54:45.671Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 13, + "fields": { + "category": 3, + "objective_number": "1.8", + "objective": "Components are segregated from each other via a defined security control, such as network segmentation, firewall rules, or cloud based security group", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:55:21.677Z", + "updated": "2021-06-29T09:55:21.677Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 14, + "fields": { + "category": 3, + "objective_number": "1.9", + "objective": "A mechanism for enforcing updates of the application exists.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:55:36.823Z", + "updated": "2021-06-29T09:55:36.823Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 15, + "fields": { + "category": 3, + "objective_number": "1.10", + "objective": "Security is addressed within all parts of the software development lifecycle.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:56:13.684Z", + "updated": "2021-06-29T09:56:13.684Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 16, + "fields": { + "category": 3, + "objective_number": "1.11", + "objective": "All application components, libraries, modules, frameworks, platform, and operating systems are free from known vulnerabilities", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:56:43.648Z", + "updated": "2021-06-29T09:56:43.648Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 17, + "fields": { + "category": 3, + "objective_number": "1.12", + "objective": "There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:57:12.345Z", + "updated": "2021-06-29T09:57:12.345Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 18, + "fields": { + "category": 2, + "objective_number": "2.2", + "objective": "Verify that the application does not automatically fill in credentials either as hidden fields, URL arguments, Ajax requests, or in forms, as this implies plain text, reversible or de-cryptable password storage. Random time limited nonces are acceptable as stand ins, such as to protect change password forms or forgot password forms.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:47:59.343Z", + "updated": "2021-06-29T10:47:59.343Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 19, + "fields": { + "category": 2, + "objective_number": "2.6", + "objective": "Verify all authentication controls fail securely to ensure attackers cannot log in.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:48:16.224Z", + "updated": "2021-06-29T10:48:16.224Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 20, + "fields": { + "category": 2, + "objective_number": "2.7", + "objective": "Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex passwords being entered.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:48:36.593Z", + "updated": "2021-06-29T10:48:36.593Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 21, + "fields": { + "category": 2, + "objective_number": "2.8", + "objective": "Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:04.310Z", + "updated": "2021-06-29T10:49:04.310Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 22, + "fields": { + "category": 2, + "objective_number": "2.9", + "objective": "Verify that the changing password functionality includes the old password, the new password, and a password confirmation.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:21.570Z", + "updated": "2021-06-29T10:49:21.570Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 23, + "fields": { + "category": 2, + "objective_number": "2.12", + "objective": "Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. This should include requests with relevant metadata needed for security investigations.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:49.215Z", + "updated": "2021-06-29T10:49:49.215Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 24, + "fields": { + "category": 2, + "objective_number": "2.13", + "objective": "Verify that account passwords are one way hashed with a salt, and there is sufficient work factor to defeat brute force and password hash recovery attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:07.859Z", + "updated": "2021-06-29T10:50:07.859Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 25, + "fields": { + "category": 2, + "objective_number": "2.16", + "objective": "Verify that all application data is transmitted over an encrypted channel (e.g. TLS).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:34.637Z", + "updated": "2021-06-29T10:50:34.637Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 26, + "fields": { + "category": 2, + "objective_number": "2.17", + "objective": "Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. A one time password reset link should be used instead.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:53.445Z", + "updated": "2021-06-29T10:50:53.445Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 27, + "fields": { + "category": 2, + "objective_number": "2.18", + "objective": "Verify that information enumeration is not possible via login, password reset, or forgot account functionality.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:09.766Z", + "updated": "2021-06-29T10:51:09.766Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 28, + "fields": { + "category": 2, + "objective_number": "2.19", + "objective": "Verify there are no default passwords in use for the application framework or any components used by the application (such as admin/password).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:28.174Z", + "updated": "2021-06-29T10:51:28.174Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 29, + "fields": { + "category": 2, + "objective_number": "2.20", + "objective": "Verify that anti-automation is in place to prevent breached credential testing, brute forcing, and account lockout attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:47.647Z", + "updated": "2021-06-29T10:51:47.647Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 30, + "fields": { + "category": 2, + "objective_number": "2.21", + "objective": "Verify that all authentication credentials for accessing services external to the application are encrypted and stored in a protected location.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:54:32.530Z", + "updated": "2021-06-29T10:54:32.530Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 31, + "fields": { + "category": 2, + "objective_number": "2.22", + "objective": "Verify that forgotten password and other recovery paths use a TOTP or other soft token, mobile push, or other offline recovery mechanism. The use of SMS has been deprecated by NIST and should not be used.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:54:50.186Z", + "updated": "2021-06-29T10:54:50.186Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 32, + "fields": { + "category": 2, + "objective_number": "2.23", + "objective": "Verify that account lockout is divided into soft and hard lock status, and these are not mutually exclusive. If an account is temporarily soft locked out due to a brute force attack, this should not reset the hard lock status.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:08.158Z", + "updated": "2021-06-29T10:55:08.158Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 33, + "fields": { + "category": 2, + "objective_number": "2.24", + "objective": "Verify that if secret questions are required, the questions do not violate privacy laws and are sufficiently strong to protect accounts from malicious recovery.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:28.074Z", + "updated": "2021-06-29T10:55:28.074Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 34, + "fields": { + "category": 2, + "objective_number": "2.25", + "objective": "Verify that high value applications can be configured to disallow the use of a configurable number of previous passwords.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:48.990Z", + "updated": "2021-06-29T10:55:48.990Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 35, + "fields": { + "category": 2, + "objective_number": "2.26", + "objective": "Verify that sensitive operations (e.g. change password, change email address, add new biller, etc.) require re-authentication (e.g. password or 2FA token). This is in addition to CSRF measures, not instead.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:04.324Z", + "updated": "2021-06-29T10:56:04.324Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 36, + "fields": { + "category": 2, + "objective_number": "2.27", + "objective": "Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:22.701Z", + "updated": "2021-06-29T10:56:22.701Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 37, + "fields": { + "category": 2, + "objective_number": "2.28", + "objective": "Verify that all authentication challenges, whether successful or failed, should respond in the same average response time.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:44.117Z", + "updated": "2021-06-29T10:56:44.117Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 38, + "fields": { + "category": 2, + "objective_number": "2.29", + "objective": "Verify that secrets, API keys, and passwords are not included in the source code, or online source code repositories.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:00.884Z", + "updated": "2021-06-29T10:57:00.884Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 39, + "fields": { + "category": 2, + "objective_number": "2.31", + "objective": "Verify that users can enrol and use TOTP verification, two-factor, biometric (Touch ID or similar), or equivalent multi-factor authentication mechanism that provides protection against single factor credential disclosure.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:20.100Z", + "updated": "2021-06-29T10:57:20.100Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 40, + "fields": { + "category": 2, + "objective_number": "2.32", + "objective": "Verify that access to administrative interfaces are strictly controlled and not accessible to untrusted parties.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:37.083Z", + "updated": "2021-06-29T10:57:37.083Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 41, + "fields": { + "category": 2, + "objective_number": "3.1", + "objective": "Verify that the application is compatible with browser based and third party password managers, unless prohibited by risk based policy.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:54.657Z", + "updated": "2021-06-29T10:57:54.657Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 42, + "fields": { + "category": 4, + "objective_number": "3.2", + "objective": "Verify that sessions are invalidated when the user logs out.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:03:24.654Z", + "updated": "2021-06-29T11:03:24.654Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 43, + "fields": { + "category": 4, + "objective_number": "3.3", + "objective": "Verify that sessions timeout after a specified period of inactivity.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:03:42.209Z", + "updated": "2021-06-29T11:03:42.209Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 44, + "fields": { + "category": 4, + "objective_number": "3.4", + "objective": "Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:05.047Z", + "updated": "2021-06-29T11:04:05.047Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 45, + "fields": { + "category": 4, + "objective_number": "3.5", + "objective": "Verify that all pages that require authentication have easy and visible access to logout functionality.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:26.223Z", + "updated": "2021-06-29T11:04:26.223Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 46, + "fields": { + "category": 4, + "objective_number": "3.6", + "objective": "Test that the session ID is never disclosed in URLs, error messages, or logs. This includes verifying that the application does not support URL rewriting of session cookies.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:46.281Z", + "updated": "2021-06-29T11:04:46.281Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 47, + "fields": { + "category": 4, + "objective_number": "3.7", + "objective": "Verify that all successful authentication and re-authentication generates a new session and session id.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:07.271Z", + "updated": "2021-06-29T11:05:07.271Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 48, + "fields": { + "category": 4, + "objective_number": "3.10", + "objective": "Verify that only session ids generated by the application framework are recognised as active by the application.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:28.910Z", + "updated": "2021-06-29T11:05:28.910Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 49, + "fields": { + "category": 4, + "objective_number": "3.11", + "objective": "Test session IDs against criteria such as their randomness, uniqueness, resistance to statistical and cryptographic analysis and information leakage.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:44.227Z", + "updated": "2021-06-29T11:05:44.227Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 50, + "fields": { + "category": 4, + "objective_number": "3.12", + "objective": "Verify that session IDs stored in cookies are scoped using the 'path' attribute; and have the 'HttpOnly' and 'Secure' cookie flags enabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:03.581Z", + "updated": "2021-06-29T11:06:03.581Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 51, + "fields": { + "category": 4, + "objective_number": "3.17", + "objective": "Verify that the application tracks all active sessions. And allows users to terminate sessions selectively or globally from their account.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:26.772Z", + "updated": "2021-06-29T11:06:26.772Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 52, + "fields": { + "category": 4, + "objective_number": "3.18", + "objective": "Verify for high value applications that the user is prompted with the option to terminate all other active sessions after a successful change password process.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:53.011Z", + "updated": "2021-06-29T11:06:53.011Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 53, + "fields": { + "category": 5, + "objective_number": "4.1", + "objective": "Verify that the principle of least privilege exists - users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:09:31.529Z", + "updated": "2021-06-29T11:09:31.529Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 54, + "fields": { + "category": 5, + "objective_number": "4.4", + "objective": "Verify that access to sensitive records is protected, such that only authorized objects or data is accessible to each user (for example, protect against users tampering with a parameter to see or alter another user's account).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:09:48.249Z", + "updated": "2021-06-29T11:09:48.249Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 55, + "fields": { + "category": 5, + "objective_number": "4.5", + "objective": "Verify that directory browsing is disabled unless deliberately desired. Additionally, applications should not allow discovery or disclosure of file or directory metadata, such as Thumbs.db, .DS_Store, .git or .svn folders.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:05.314Z", + "updated": "2021-06-29T11:10:05.314Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 56, + "fields": { + "category": 5, + "objective_number": "4.8", + "objective": "Verify that access controls fail securely.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:23.333Z", + "updated": "2021-06-29T11:10:23.333Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 57, + "fields": { + "category": 5, + "objective_number": "4.9", + "objective": "Verify that the same access control rules implied by the presentation layer are enforced on the server side.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:44.662Z", + "updated": "2021-06-29T11:10:44.662Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 58, + "fields": { + "category": 5, + "objective_number": "4.10", + "objective": "Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:09.221Z", + "updated": "2021-06-29T11:11:09.221Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 59, + "fields": { + "category": 5, + "objective_number": "4.11", + "objective": "Verify that there is a centralized mechanism (including libraries that call external authorization services) for protecting access to each type of protected resource.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:27.195Z", + "updated": "2021-06-29T11:11:27.195Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 60, + "fields": { + "category": 5, + "objective_number": "4.12", + "objective": "Verify that all access control decisions can be logged and all failed decisions are logged.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:42.332Z", + "updated": "2021-06-29T11:11:42.332Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 61, + "fields": { + "category": 5, + "objective_number": "4.13", + "objective": "Verify that the application or framework uses strong random anti-CSRF tokens or has another transaction protection mechanism.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:15.969Z", + "updated": "2021-06-29T11:12:15.969Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 62, + "fields": { + "category": 5, + "objective_number": "4.4", + "objective": "Verify the system can protect against aggregate or continuous access of secured functions, resources, or data. For example, consider the use of a resource governor to limit the number of edits per hour or to prevent the entire database from being scraped by an individual user.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:31.357Z", + "updated": "2021-06-29T11:12:31.357Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 63, + "fields": { + "category": 5, + "objective_number": "4.15", + "objective": "Verify the application has additional authorization (such as step up or adaptive authentication) for lower value systems, and / or segregation of duties for high value applications to enforce anti-fraud controls as per the risk of application and past fraud.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:55.170Z", + "updated": "2021-06-29T11:12:55.170Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 64, + "fields": { + "category": 5, + "objective_number": "4.16", + "objective": "Verify that the application correctly enforces context-sensitive authorisation so as to not allow unauthorised manipulation by means of parameter tampering.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:13:13.009Z", + "updated": "2021-06-29T11:13:13.009Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 65, + "fields": { + "category": 6, + "objective_number": "5.3", + "objective": "Verify that server side input validation failures result in request rejection and are logged.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:19:50.413Z", + "updated": "2021-06-29T11:19:50.413Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 66, + "fields": { + "category": 6, + "objective_number": "5.5", + "objective": "Verify that input validation routines are enforced on the server side.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:14.088Z", + "updated": "2021-06-29T11:20:14.088Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 67, + "fields": { + "category": 6, + "objective_number": "5.6", + "objective": "Verify that a centralized input validation control mechanism is used by the application.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:34.745Z", + "updated": "2021-06-29T11:20:34.745Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 68, + "fields": { + "category": 6, + "objective_number": "5.10", + "objective": "Verify that all database queries are protected by the use of parameterized queries or proper ORM usage to avoid SQL injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:50.454Z", + "updated": "2021-06-29T11:20:50.454Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 69, + "fields": { + "category": 6, + "objective_number": "5.11", + "objective": "Verify that the application is not susceptible to LDAP Injection, or that security controls prevent LDAP Injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:06.964Z", + "updated": "2021-06-29T11:21:06.964Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 70, + "fields": { + "category": 6, + "objective_number": "5.12", + "objective": "Verify that the application is not susceptible to OS Command Injection, or that security controls prevent OS Command Injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:23.126Z", + "updated": "2021-06-29T11:21:23.126Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 71, + "fields": { + "category": 6, + "objective_number": "5.13", + "objective": "Verify that the application is not susceptible to Remote File Inclusion (RFI) or Local File Inclusion (LFI) when content is used that is a path to a file.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:40.437Z", + "updated": "2021-06-29T11:21:40.437Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 72, + "fields": { + "category": 6, + "objective_number": "5.14", + "objective": "Verify that the application is not susceptible XPath injection or XML injection attacks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:55.675Z", + "updated": "2021-06-29T11:21:55.675Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 73, + "fields": { + "category": 6, + "objective_number": "5.15", + "objective": "Verify that all string variables placed into HTML or other web client code are either properly contextually encoded manually, or utilize templates that automatically contextually encode to ensure the application is not susceptible to reflected, stored or DOM Cross-Site Scripting (XSS) attacks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:11.541Z", + "updated": "2021-06-29T11:22:11.541Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 74, + "fields": { + "category": 6, + "objective_number": "5.16", + "objective": "Verify that the application does not contain mass parameter assignment (AKA automatic variable binding) vulnerabilities.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:30.790Z", + "updated": "2021-06-29T11:22:30.790Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 75, + "fields": { + "category": 6, + "objective_number": "5.17", + "objective": "Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (GET, POST, cookies, headers, environment, etc.)", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:49.904Z", + "updated": "2021-06-29T11:22:49.904Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 76, + "fields": { + "category": 6, + "objective_number": "5.19", + "objective": "Verify that all input data is validated, not only HTML form fields but all sources of input such as REST calls, query parameters, HTTP headers, cookies, batch files, RSS feeds, etc; using positive validation (whitelisting), then lesser forms of validation such as grey listing (eliminating known bad strings), or rejecting bad inputs (blacklisting).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:23:08.013Z", + "updated": "2021-06-29T11:23:08.013Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 77, + "fields": { + "category": 6, + "objective_number": "5.20", + "objective": "Verify that structured data is strongly typed and validated against a defined schema including allowed characters, length and pattern (e.g. credit card numbers or telephone, or validating that two related fields are reasonable, such as validating suburbs and zip or post codes match).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:26:04.647Z", + "updated": "2021-06-29T11:26:04.647Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 78, + "fields": { + "category": 6, + "objective_number": "5.21", + "objective": "Verify that unstructured data is sanitized to enforce generic safety measures such as allowed characters and length, and characters potentially harmful in given context should be escaped (e.g. natural names with Unicode or apostrophes, such as O'Hara)", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:26:44.642Z", + "updated": "2021-06-29T11:26:44.642Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 79, + "fields": { + "category": 6, + "objective_number": "5.22", + "objective": "Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized with an HTML sanitizer library or framework feature.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:09.785Z", + "updated": "2021-06-29T11:27:09.785Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 80, + "fields": { + "category": 6, + "objective_number": "5.24", + "objective": "Verify that where data is transferred from one DOM context to another, the transfer uses safe JavaScript methods, such as using innerText or .val to ensure the application is not susceptible to DOM Cross-Site Scripting (XSS) attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:28.549Z", + "updated": "2021-06-29T11:27:28.549Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 81, + "fields": { + "category": 6, + "objective_number": "5.25", + "objective": "Verify when parsing JSON in browsers or JavaScript based backends, that JSON.parse is used to parse the JSON document. Do not use eval() to parse JSON.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:44.629Z", + "updated": "2021-06-29T11:27:44.629Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 82, + "fields": { + "category": 6, + "objective_number": "5.27", + "objective": "Verify the application for Server Side Request Forgery vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:10.149Z", + "updated": "2021-06-29T11:28:10.149Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 83, + "fields": { + "category": 6, + "objective_number": "5.28", + "objective": "Verify that the application correctly restricts XML parsers to only use the most restrictive configuration possible and to ensure that dangerous features such as resolving external entities are disabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:30.927Z", + "updated": "2021-06-29T11:28:30.927Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 84, + "fields": { + "category": 6, + "objective_number": "5.29", + "objective": "Verify that deserialization of untrusted data is avoided or is extensively protected when deserialization cannot be avoided.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:49.023Z", + "updated": "2021-06-29T11:28:49.023Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 85, + "fields": { + "category": 1, + "objective_number": "7.8", + "objective": "Verify that cryptographic modules operate in their approved mode according to their published security policies.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:30:40.745Z", + "updated": "2021-06-29T11:30:40.745Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 86, + "fields": { + "category": 1, + "objective_number": "7.9", + "objective": "Verify that there is an explicit policy for how cryptographic keys are managed (e.g., generated, distributed, revoked, and expired). Verify that this key lifecycle is properly enforced.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:31:34.511Z", + "updated": "2021-06-29T11:31:34.511Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 87, + "fields": { + "category": 1, + "objective_number": "7.11", + "objective": "Verify that all consumers of cryptographic services do not have direct access to key material. Isolate cryptographic processes, including master secrets and consider the use of a virtualized or physical hardware key vault (HSM).", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:31:55.623Z", + "updated": "2021-06-29T11:31:55.623Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 88, + "fields": { + "category": 1, + "objective_number": "7.12", + "objective": "Verify that Personally Identifiable Information (PII) and other sensitive data is stored encrypted while at rest.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:32:13.340Z", + "updated": "2021-06-29T11:32:13.340Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 89, + "fields": { + "category": 1, + "objective_number": "7.13", + "objective": "Verify that sensitive passwords or key material maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:32:44.415Z", + "updated": "2021-06-29T11:32:44.415Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 90, + "fields": { + "category": 1, + "objective_number": "7.14", + "objective": "Verify that all keys and passwords are replaceable, and are generated or replaced at installation time.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:33:57.883Z", + "updated": "2021-06-29T11:33:57.883Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 91, + "fields": { + "category": 1, + "objective_number": "7.15", + "objective": "Verify that random numbers are created with proper entropy even when the application is under heavy load, or that the application degrades gracefully in such circumstances.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:34:17.766Z", + "updated": "2021-06-29T11:34:17.766Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 92, + "fields": { + "category": 7, + "objective_number": "8.1", + "objective": "Verify that the application does not output error messages or stack traces containing sensitive data that could assist an attacker, including session id, software/framework versions and personal information.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:36:36.883Z", + "updated": "2021-06-29T11:36:36.883Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 93, + "fields": { + "category": 7, + "objective_number": "8.2", + "objective": "Verify that error handling logic in security controls denies access by default.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:36:58.013Z", + "updated": "2021-06-29T11:36:58.013Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 94, + "fields": { + "category": 7, + "objective_number": "8.3", + "objective": "Verify security logging controls provide the ability to log success and particularly failure events that are identified as security-relevant.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:44:27.487Z", + "updated": "2021-06-29T11:44:27.487Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 95, + "fields": { + "category": 7, + "objective_number": "8.4", + "objective": "Verify that each log event includes necessary information that would allow for a detailed investigation of the timeline when an event happens.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:44:46.451Z", + "updated": "2021-06-29T11:44:46.451Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 96, + "fields": { + "category": 7, + "objective_number": "8.5", + "objective": "Verify that all events that include untrusted data will not execute as code in the intended log viewing software.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:02.199Z", + "updated": "2021-06-29T11:45:02.199Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 97, + "fields": { + "category": 7, + "objective_number": "8.6", + "objective": "Verify that security logs are protected from unauthorized access and modification.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:22.653Z", + "updated": "2021-06-29T11:45:22.653Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 98, + "fields": { + "category": 7, + "objective_number": "8.7", + "objective": "Verify that the application does not log sensitive data as defined under local privacy laws or regulations, organizational sensitive data as defined by a risk assessment, or sensitive authentication data that could assist an attacker, including user's session identifiers, passwords, hashes, or API tokens.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:49.298Z", + "updated": "2021-06-29T11:45:49.298Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 99, + "fields": { + "category": 7, + "objective_number": "8.8", + "objective": "Verify that all non-printable symbols and field separators are properly encoded in log entries, to prevent log injection.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:04.125Z", + "updated": "2021-06-29T11:46:04.125Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 100, + "fields": { + "category": 7, + "objective_number": "8.9", + "objective": "Verify that log fields from trusted and untrusted sources are distinguishable in log entries.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:26.650Z", + "updated": "2021-06-29T11:46:26.650Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 101, + "fields": { + "category": 7, + "objective_number": "8.10", + "objective": "Verify that an audit log or similar allows for non-repudiation of key transactions.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:45.582Z", + "updated": "2021-06-29T11:46:45.582Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 102, + "fields": { + "category": 7, + "objective_number": "8.11", + "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:47:02.190Z", + "updated": "2021-06-29T11:47:02.190Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 103, + "fields": { + "category": 7, + "objective_number": "8.12", + "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:47:46.283Z", + "updated": "2021-06-29T11:47:46.283Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 104, + "fields": { + "category": 7, + "objective_number": "8.13", + "objective": "Verify that time sources are synchronized to the correct time and time zone.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:48:05.620Z", + "updated": "2021-06-29T11:48:05.620Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 105, + "fields": { + "category": 8, + "objective_number": "9.1", + "objective": "Verify that all forms containing sensitive information have disabled client side caching, including autocomplete features.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:19.688Z", + "updated": "2021-06-29T12:25:19.688Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 106, + "fields": { + "category": 8, + "objective_number": "9.2", + "objective": "Verify that the list of sensitive data processed by the application is identified, and that there is an explicit policy for how access to this data must be controlled, encrypted and enforced under relevant data protection directives.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:40.315Z", + "updated": "2021-06-29T12:25:40.315Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 107, + "fields": { + "category": 8, + "objective_number": "9.3", + "objective": "Verify that all sensitive data is sent to the server in the HTTP message body or headers (i.e., URL parameters are never used to send sensitive data).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:56.919Z", + "updated": "2021-06-29T12:25:56.919Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 108, + "fields": { + "category": 8, + "objective_number": "9.4", + "objective": "Verify that the application sets sufficient anti-caching headers such that any sensitive and personal information displayed by the application or entered by the user should not be cached on disk by mainstream modern browsers (e.g. visit about:cache to review disk cache).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:14.205Z", + "updated": "2021-06-29T12:26:14.205Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 109, + "fields": { + "category": 8, + "objective_number": "9.5", + "objective": "Verify that on the server, all cached or temporary copies of sensitive data stored are protected from unauthorized access or purged/invalidated after the authorized user accesses the sensitive data.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:30.429Z", + "updated": "2021-06-29T12:26:30.429Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 110, + "fields": { + "category": 8, + "objective_number": "9.6", + "objective": "Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:45.509Z", + "updated": "2021-06-29T12:26:45.509Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 111, + "fields": { + "category": 8, + "objective_number": "9.7", + "objective": "Verify the application minimizes the number of parameters in a request, such as hidden fields, Ajax variables, cookies and header values.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:04.786Z", + "updated": "2021-06-29T12:27:04.786Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 112, + "fields": { + "category": 8, + "objective_number": "9.8", + "objective": "Verify the application has the ability to detect and alert on abnormal numbers of requests for data harvesting for an example screen scraping.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:20.007Z", + "updated": "2021-06-29T12:27:20.007Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 113, + "fields": { + "category": 8, + "objective_number": "9.9", + "objective": "Verify that data stored in client side storage (such as HTML5 local storage, session storage, IndexedDB, regular cookies or Flash cookies) does not contain sensitive data or PII.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:37.137Z", + "updated": "2021-06-29T12:27:37.137Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 114, + "fields": { + "category": 8, + "objective_number": "9.10", + "objective": "Verify accessing sensitive data is logged, if the data is collected under relevant data protection directives or where logging of accesses is required.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:01.849Z", + "updated": "2021-06-29T12:28:01.849Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 115, + "fields": { + "category": 8, + "objective_number": "9.11", + "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:19.464Z", + "updated": "2021-06-29T12:28:19.464Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 116, + "fields": { + "category": 8, + "objective_number": "9.14", + "objective": "Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:36.368Z", + "updated": "2021-06-29T12:28:36.368Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 117, + "fields": { + "category": 9, + "objective_number": "10.1", + "objective": "Verify that a path can be built from a trusted CA to each Transport Layer Security (TLS) server certificate, and that each server certificate is valid.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:57:51.724Z", + "updated": "2021-06-29T17:57:51.724Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 118, + "fields": { + "category": 9, + "objective_number": "10.2", + "objective": "Verify that TLS is used for all connections (including both external and backend connections) that are authenticated or that involve sensitive data or functions, and does not fall back to insecure or unencrypted protocols. Ensure the strongest alternative is the preferred algorithm.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:58:08.701Z", + "updated": "2021-06-29T17:58:08.701Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 119, + "fields": { + "category": 9, + "objective_number": "10.3", + "objective": "Verify that backend TLS connection failures are logged.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:58:43.008Z", + "updated": "2021-06-29T17:58:43.008Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 120, + "fields": { + "category": 9, + "objective_number": "10.4", + "objective": "Verify that certificate paths are built and verified for all client certificates using configured trust anchors and revocation information.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:00.835Z", + "updated": "2021-06-29T17:59:00.835Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 121, + "fields": { + "category": 9, + "objective_number": "10.5", + "objective": "Verify that all connections to external systems that involve sensitive information or functions are authenticated.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:17.563Z", + "updated": "2021-06-29T17:59:17.563Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 122, + "fields": { + "category": 9, + "objective_number": "10.6", + "objective": "Verify that there is a single standard TLS implementation that is used by the application that is configured to operate in an approved mode of operation.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:33.860Z", + "updated": "2021-06-29T17:59:33.860Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 123, + "fields": { + "category": 9, + "objective_number": "10.7", + "objective": "Verify that TLS certificate public key pinning (HPKP) is implemented with production and backup public keys. For more information, please see the references below.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:57.308Z", + "updated": "2021-06-29T17:59:57.308Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 124, + "fields": { + "category": 9, + "objective_number": "10.8", + "objective": "Verify that HTTP Strict Transport Security headers are included on all requests and for all subdomains, such as Strict-Transport-Security: max-age=15724800; includeSubdomains", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:00:23.218Z", + "updated": "2021-06-29T18:00:23.218Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 125, + "fields": { + "category": 9, + "objective_number": "10.9", + "objective": "Verify that production website URL has been submitted to preloaded list of Strict Transport Security domains maintained by web browser vendors. Please see the references below.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:00:46.523Z", + "updated": "2021-06-29T18:00:46.523Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 126, + "fields": { + "category": 9, + "objective_number": "10.11", + "objective": "Verify that perfect forward secrecy is configured to mitigate passive attackers recording traffic.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:11.667Z", + "updated": "2021-06-29T18:01:11.667Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 127, + "fields": { + "category": 9, + "objective_number": "10.11", + "objective": "Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:31.481Z", + "updated": "2021-06-29T18:01:31.481Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 128, + "fields": { + "category": 9, + "objective_number": "10.13", + "objective": "Verify that only strong algorithms, ciphers, and protocols are used, through all the certificate hierarchy, including root and intermediary certificates of your selected certifying authority.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:46.036Z", + "updated": "2021-06-29T18:01:46.036Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 129, + "fields": { + "category": 9, + "objective_number": "10.14", + "objective": "Verify that the TLS settings are in line with current leading practice, particularly as common configurations, ciphers, and algorithms become insecure.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:02:06.170Z", + "updated": "2021-06-29T18:02:06.170Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 130, + "fields": { + "category": 10, + "objective_number": "13.1", + "objective": "Verify all malicious activity is adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:11:51.230Z", + "updated": "2021-06-29T18:11:51.230Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 131, + "fields": { + "category": 10, + "objective_number": "13.2", + "objective": "Verify that the application source code, and as many third party libraries as possible, does not contain back doors, Easter eggs, and logic flaws in authentication, access control, input validation, and the business logic of high value transactions.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:12:07.933Z", + "updated": "2021-06-29T18:12:07.933Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 132, + "fields": { + "category": 11, + "objective_number": "15.1", + "objective": "Verify the application will only process business logic flows in sequential step order, with all steps being processed in realistic human time, and not process out of order, skipped steps, process steps from another user, or too quickly submitted transactions.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:14:19.422Z", + "updated": "2021-06-29T18:14:19.422Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 133, + "fields": { + "category": 11, + "objective_number": "15.2", + "objective": "Verify the application has business limits and correctly enforces on a per user basis, with configurable alerting and automated reactions to automated or unusual attack.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:14:36.697Z", + "updated": "2021-06-29T18:14:36.697Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 134, + "fields": { + "category": 12, + "objective_number": "16.1", + "objective": "Verify that URL redirects and forwards only allow whitelisted destinations, or show a warning when redirecting to potentially untrusted content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:26:27.533Z", + "updated": "2021-06-29T18:26:27.533Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 135, + "fields": { + "category": 12, + "objective_number": "16.2", + "objective": "Verify that untrusted file data submitted to the application is not used directly with file I/O commands, particularly to protect against path traversal, local file include, file mime type, reflective file download, and OS command injection vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:26:43.732Z", + "updated": "2021-06-29T18:26:43.732Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 136, + "fields": { + "category": 12, + "objective_number": "16.3", + "objective": "Verify that files obtained from untrusted sources are validated to be of expected type and scanned by antivirus scanners to prevent upload of known malicious content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:27:09.137Z", + "updated": "2021-06-29T18:27:09.137Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 137, + "fields": { + "category": 12, + "objective_number": "16.4", + "objective": "Verify that untrusted data is not used within inclusion, class loader, or reflection capabilities to prevent remote/local code execution vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:29:28.123Z", + "updated": "2021-06-29T18:29:28.123Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 138, + "fields": { + "category": 12, + "objective_number": "16.5", + "objective": "Verify that untrusted data is not used within cross-domain resource sharing (CORS) to protect against arbitrary remote content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:29:48.225Z", + "updated": "2021-06-29T18:29:48.225Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 139, + "fields": { + "category": 12, + "objective_number": "16.6", + "objective": "Verify that files obtained from untrusted sources are stored outside the webroot, with limited permissions, preferably with strong validation.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:05.507Z", + "updated": "2021-06-29T18:30:05.507Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 140, + "fields": { + "category": 12, + "objective_number": "16.7", + "objective": "Verify that the web or application server is configured by default to deny access to remote resources or systems outside the web or application server.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:24.537Z", + "updated": "2021-06-29T18:30:24.537Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 141, + "fields": { + "category": 12, + "objective_number": "16.8", + "objective": "Verify the application code does not execute uploaded data obtained from untrusted sources.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:41.998Z", + "updated": "2021-06-29T18:30:41.998Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 142, + "fields": { + "category": 12, + "objective_number": "16.9", + "objective": "Verify that unsupported, insecure or deprecated client-side technologies are not used, such as NSAPI plugins, Flash, Shockwave, Active-X, Silverlight, NACL, or client-side Java applets.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:57.916Z", + "updated": "2021-06-29T18:30:57.916Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 143, + "fields": { + "category": 12, + "objective_number": "16.10", + "objective": "Verify that the cross-domain resource sharing (CORS) Access-Control-Allow-Origin header does not simply reflect the request's origin header or support the \"null\" origin.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:31:14.337Z", + "updated": "2021-06-29T18:31:14.337Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 144, + "fields": { + "category": 15, + "objective_number": "20.1", + "objective": "Verify that application layer debugging interfaces such USB or serial are disabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:00.289Z", + "updated": "2021-06-30T03:30:00.289Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 145, + "fields": { + "category": 15, + "objective_number": "20.2", + "objective": "Verify that cryptographic keys are unique to each individual device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:19.974Z", + "updated": "2021-06-30T03:30:19.974Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 146, + "fields": { + "category": 15, + "objective_number": "20.3", + "objective": "Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:34.796Z", + "updated": "2021-06-30T03:30:34.796Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 147, + "fields": { + "category": 15, + "objective_number": "20.4", + "objective": "Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:55.266Z", + "updated": "2021-06-30T03:30:55.266Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 148, + "fields": { + "category": 15, + "objective_number": "20.5", + "objective": "Verify that physical debug headers are not present on the device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:31:42.393Z", + "updated": "2021-06-30T03:31:42.393Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 149, + "fields": { + "category": 15, + "objective_number": "20.6", + "objective": "Verify that sensitive data is not stored unencrypted on the device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:01.534Z", + "updated": "2021-06-30T03:32:01.534Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 150, + "fields": { + "category": 15, + "objective_number": "20.7", + "objective": "Verify that the device prevents leaking of sensitive information.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:22.208Z", + "updated": "2021-06-30T03:32:22.208Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 151, + "fields": { + "category": 15, + "objective_number": "20.8", + "objective": "Verify that the firmware apps protect data-in-transit using transport security.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:56.382Z", + "updated": "2021-06-30T03:32:56.382Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 152, + "fields": { + "category": 15, + "objective_number": "20.9", + "objective": "Verify that the firmware apps validate the digital signature of server connections.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:33:18.948Z", + "updated": "2021-06-30T03:33:18.948Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 153, + "fields": { + "category": 15, + "objective_number": "20.10", + "objective": "Verify that wireless communications are mutually authenticated.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:33:40.069Z", + "updated": "2021-06-30T03:33:40.069Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 154, + "fields": { + "category": 15, + "objective_number": "20.11", + "objective": "Verify that wireless communications are sent over an encrypted channel.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:00.224Z", + "updated": "2021-06-30T03:34:00.224Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 155, + "fields": { + "category": 15, + "objective_number": "20.12", + "objective": "Verify that the firmware apps pin the digital signature to a trusted server(s).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:16.802Z", + "updated": "2021-06-30T03:34:16.802Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 156, + "fields": { + "category": 15, + "objective_number": "20.13", + "objective": "Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:36.393Z", + "updated": "2021-06-30T03:34:36.393Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 157, + "fields": { + "category": 15, + "objective_number": "20.14", + "objective": "Verify that identifying markings on chips have been removed.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:08.498Z", + "updated": "2021-06-30T03:35:08.498Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 158, + "fields": { + "category": 15, + "objective_number": "20.15", + "objective": "Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:24.271Z", + "updated": "2021-06-30T03:35:24.271Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 159, + "fields": { + "category": 15, + "objective_number": "20.16", + "objective": "Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:45.152Z", + "updated": "2021-06-30T03:35:45.152Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 160, + "fields": { + "category": 15, + "objective_number": "20.17", + "objective": "Verify the device validates the boot image signature before loading.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:02.979Z", + "updated": "2021-06-30T03:36:02.979Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 161, + "fields": { + "category": 15, + "objective_number": "20.18", + "objective": "Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:19.093Z", + "updated": "2021-06-30T03:36:19.093Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 162, + "fields": { + "category": 15, + "objective_number": "20.19", + "objective": "Verify the device uses code signing and validates firmware upgrade files before installing.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:34.926Z", + "updated": "2021-06-30T03:36:34.926Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 163, + "fields": { + "category": 15, + "objective_number": "20.20", + "objective": "Verify that the device cannot be downgraded to old versions of valid firmware.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:52.972Z", + "updated": "2021-06-30T03:36:52.972Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 164, + "fields": { + "category": 15, + "objective_number": "20.21", + "objective": "Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:09.554Z", + "updated": "2021-06-30T03:37:09.554Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 165, + "fields": { + "category": 15, + "objective_number": "20.22", + "objective": "Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:31.703Z", + "updated": "2021-06-30T03:37:31.703Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 166, + "fields": { + "category": 15, + "objective_number": "20.23", + "objective": "Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:43.128Z", + "updated": "2021-06-30T03:37:43.128Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 167, + "fields": { + "category": 15, + "objective_number": "20.24", + "objective": "Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:57.432Z", + "updated": "2021-06-30T03:37:57.432Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 168, + "fields": { + "category": 15, + "objective_number": "20.25", + "objective": "Verify that sensitive traces are not exposed to outer layers of the printed circuit board.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:10.177Z", + "updated": "2021-06-30T03:38:10.177Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 169, + "fields": { + "category": 15, + "objective_number": "20.26", + "objective": "Verify that inter-chip communication is encrypted.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:22.674Z", + "updated": "2021-06-30T03:38:22.674Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 170, + "fields": { + "category": 15, + "objective_number": "20.27", + "objective": "Verify the device uses code signing and validates code before execution.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:35.542Z", + "updated": "2021-06-30T03:38:35.542Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 171, + "fields": { + "category": 15, + "objective_number": "20.27", + "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:53.380Z", + "updated": "2021-06-30T03:38:53.380Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 172, + "fields": { + "category": 15, + "objective_number": "20.29", + "objective": "Verify that the firmware apps utilize kernel containers for isolation between apps.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:39:11.285Z", + "updated": "2021-06-30T03:39:11.285Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 173, + "fields": { + "category": 14, + "objective_number": "19.1", + "objective": "Verify that all components are up to date with proper security configuration(s) and version(s). This should include removal of unneeded configurations and folders such as sample applications, platform documentation, and default or example users.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:46:31.397Z", + "updated": "2021-06-30T03:46:31.397Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 174, + "fields": { + "category": 14, + "objective_number": "19.2", + "objective": "Verify that communications between components, such as between the application server and the database server, are encrypted, particularly when the components are in different containers or on different systems.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:46:49.459Z", + "updated": "2021-06-30T03:46:49.459Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 175, + "fields": { + "category": 14, + "objective_number": "19.3", + "objective": "Verify that communications between components, such as between the application server and the database server, is authenticated using an account with the least necessary privileges.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:47:06.199Z", + "updated": "2021-06-30T03:47:06.199Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 176, + "fields": { + "category": 14, + "objective_number": "19.4", + "objective": "Verify application deployments are adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:47:28.491Z", + "updated": "2021-06-30T03:47:28.491Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 177, + "fields": { + "category": 14, + "objective_number": "19.5", + "objective": "Verify that the application build and deployment processes are performed in a secure and repeatable method, such as CI / CD automation and automated configuration management.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:11.230Z", + "updated": "2021-06-30T03:49:11.230Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 178, + "fields": { + "category": 14, + "objective_number": "19.6", + "objective": "Verify that authorised administrators have the capability to verify the integrity of all security-relevant configurations to detect tampering.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:30.929Z", + "updated": "2021-06-30T03:49:30.929Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 179, + "fields": { + "category": 14, + "objective_number": "19.7", + "objective": "Verify that all application components are signed.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:47.862Z", + "updated": "2021-06-30T03:49:47.863Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 180, + "fields": { + "category": 14, + "objective_number": "19.8", + "objective": "Verify that third party components come from trusted repositories.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:05.648Z", + "updated": "2021-06-30T03:50:05.648Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 181, + "fields": { + "category": 14, + "objective_number": "19.9", + "objective": "Verify that build processes for system level languages have all security flags enabled, such as ASLR, DEP, and security checks.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:24.752Z", + "updated": "2021-06-30T03:50:24.752Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 182, + "fields": { + "category": 14, + "objective_number": "19.10", + "objective": "Verify that all application assets are hosted by the application, such as JavaScript libraries, CSS stylesheets and web fonts are hosted by the application rather than rely on a CDN or external provider.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:41.104Z", + "updated": "2021-06-30T03:50:41.104Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 183, + "fields": { + "category": 14, + "objective_number": "19.11", + "objective": "Verify that all application components, services, and servers each use their own low privilege service account, that is not shared between applications nor used by administrators.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:57.938Z", + "updated": "2021-06-30T03:50:57.938Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 184, + "fields": { + "category": 13, + "objective_number": "18.1", + "objective": "Verify that the same encoding style is used between the client and the server.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:51:40.222Z", + "updated": "2021-06-30T03:51:40.222Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 185, + "fields": { + "category": 13, + "objective_number": "18.2", + "objective": "Verify that access to administration and management functions within the Web Service Application is limited to web service administrators.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:51:56.603Z", + "updated": "2021-06-30T03:51:56.603Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 186, + "fields": { + "category": 13, + "objective_number": "18.3", + "objective": "Verify that XML or JSON schema is in place and verified before accepting input.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:19.697Z", + "updated": "2021-06-30T03:52:19.697Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 187, + "fields": { + "category": 13, + "objective_number": "18.4", + "objective": "Verify that all input is limited to an appropriate size limit.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:36.709Z", + "updated": "2021-06-30T03:52:36.710Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 188, + "fields": { + "category": 13, + "objective_number": "18.5", + "objective": "Verify that SOAP based web services are compliant with Web Services-Interoperability (WS-I) Basic Profile at minimum. This essentially means TLS encryption.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:55.113Z", + "updated": "2021-06-30T03:52:55.113Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 189, + "fields": { + "category": 13, + "objective_number": "18.7", + "objective": "Verify that the REST service is protected from Cross-Site Request Forgery via the use of at least one or more of the following: double submit cookie pattern, CSRF nonces, ORIGIN request header checks, and referrer request header checks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:15.663Z", + "updated": "2021-06-30T03:53:15.663Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 190, + "fields": { + "category": 13, + "objective_number": "18.8", + "objective": "Verify the REST service explicitly check the incoming Content-Type to be the expected one, such as application/xml or application/json.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:34.549Z", + "updated": "2021-06-30T03:53:34.549Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 191, + "fields": { + "category": 13, + "objective_number": "18.9", + "objective": "Verify that the message payload is signed to ensure reliable transport between client and service, using JSON Web Signing or WS-Security for SOAP requests.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:54.736Z", + "updated": "2021-06-30T03:53:54.736Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 192, + "fields": { + "category": 13, + "objective_number": "18.10", + "objective": "Verify that alternative and less secure access paths do not exist.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:54:23.078Z", + "updated": "2021-06-30T03:54:23.078Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 1, + "fields": { + "product": 1, + "control": 144, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 2, + "fields": { + "product": 1, + "control": 145, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 3, + "fields": { + "product": 1, + "control": 146, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 4, + "fields": { + "product": 1, + "control": 147, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 5, + "fields": { + "product": 1, + "control": 148, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 6, + "fields": { + "product": 1, + "control": 149, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 7, + "fields": { + "product": 1, + "control": 150, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 8, + "fields": { + "product": 1, + "control": 151, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 9, + "fields": { + "product": 1, + "control": 152, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 10, + "fields": { + "product": 1, + "control": 153, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 11, + "fields": { + "product": 1, + "control": 154, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 12, + "fields": { + "product": 1, + "control": 155, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 13, + "fields": { + "product": 1, + "control": 156, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 14, + "fields": { + "product": 1, + "control": 157, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 15, + "fields": { + "product": 1, + "control": 158, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 16, + "fields": { + "product": 1, + "control": 159, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 17, + "fields": { + "product": 1, + "control": 160, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 18, + "fields": { + "product": 1, + "control": 161, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 19, + "fields": { + "product": 1, + "control": 162, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 20, + "fields": { + "product": 1, + "control": 163, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 21, + "fields": { + "product": 1, + "control": 164, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 22, + "fields": { + "product": 1, + "control": 165, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 23, + "fields": { + "product": 1, + "control": 166, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 24, + "fields": { + "product": 1, + "control": 167, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 25, + "fields": { + "product": 1, + "control": 168, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 26, + "fields": { + "product": 1, + "control": 169, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 27, + "fields": { + "product": 1, + "control": 170, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 28, + "fields": { + "product": 1, + "control": 171, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 29, + "fields": { + "product": 1, + "control": 172, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 30, + "fields": { + "product": 1, + "control": 173, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 31, + "fields": { + "product": 1, + "control": 174, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 32, + "fields": { + "product": 1, + "control": 175, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 33, + "fields": { + "product": 1, + "control": 176, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 34, + "fields": { + "product": 1, + "control": 177, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 35, + "fields": { + "product": 1, + "control": 178, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 36, + "fields": { + "product": 1, + "control": 179, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 37, + "fields": { + "product": 1, + "control": 180, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 38, + "fields": { + "product": 1, + "control": 181, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 39, + "fields": { + "product": 1, + "control": 182, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 40, + "fields": { + "product": 1, + "control": 183, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 41, + "fields": { + "product": 1, + "control": 184, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 42, + "fields": { + "product": 1, + "control": 185, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 43, + "fields": { + "product": 1, + "control": 186, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 44, + "fields": { + "product": 1, + "control": 187, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 45, + "fields": { + "product": 1, + "control": 188, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 46, + "fields": { + "product": 1, + "control": 189, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 47, + "fields": { + "product": 1, + "control": 190, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 48, + "fields": { + "product": 1, + "control": 191, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 49, + "fields": { + "product": 1, + "control": 192, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 50, + "fields": { + "product": 1, + "control": 134, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 51, + "fields": { + "product": 1, + "control": 135, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 52, + "fields": { + "product": 1, + "control": 136, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 53, + "fields": { + "product": 1, + "control": 137, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 54, + "fields": { + "product": 1, + "control": 138, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 55, + "fields": { + "product": 1, + "control": 139, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 56, + "fields": { + "product": 1, + "control": 140, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 57, + "fields": { + "product": 1, + "control": 141, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 58, + "fields": { + "product": 1, + "control": 142, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 59, + "fields": { + "product": 1, + "control": 143, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 60, + "fields": { + "product": 1, + "control": 132, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 61, + "fields": { + "product": 1, + "control": 133, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 62, + "fields": { + "product": 1, + "control": 130, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 63, + "fields": { + "product": 1, + "control": 131, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 64, + "fields": { + "product": 1, + "control": 117, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 65, + "fields": { + "product": 1, + "control": 118, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 66, + "fields": { + "product": 1, + "control": 119, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 67, + "fields": { + "product": 1, + "control": 120, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 68, + "fields": { + "product": 1, + "control": 121, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 69, + "fields": { + "product": 1, + "control": 122, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 70, + "fields": { + "product": 1, + "control": 123, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 71, + "fields": { + "product": 1, + "control": 124, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 72, + "fields": { + "product": 1, + "control": 125, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 73, + "fields": { + "product": 1, + "control": 126, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 74, + "fields": { + "product": 1, + "control": 127, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 75, + "fields": { + "product": 1, + "control": 128, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 76, + "fields": { + "product": 1, + "control": 129, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 77, + "fields": { + "product": 1, + "control": 110, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 78, + "fields": { + "product": 1, + "control": 105, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 79, + "fields": { + "product": 1, + "control": 106, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 80, + "fields": { + "product": 1, + "control": 107, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 81, + "fields": { + "product": 1, + "control": 108, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 82, + "fields": { + "product": 1, + "control": 109, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 83, + "fields": { + "product": 1, + "control": 111, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 84, + "fields": { + "product": 1, + "control": 112, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 85, + "fields": { + "product": 1, + "control": 113, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 86, + "fields": { + "product": 1, + "control": 114, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 87, + "fields": { + "product": 1, + "control": 115, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 88, + "fields": { + "product": 1, + "control": 116, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 89, + "fields": { + "product": 1, + "control": 92, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 90, + "fields": { + "product": 1, + "control": 93, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 91, + "fields": { + "product": 1, + "control": 94, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 92, + "fields": { + "product": 1, + "control": 95, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 93, + "fields": { + "product": 1, + "control": 96, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 94, + "fields": { + "product": 1, + "control": 97, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 95, + "fields": { + "product": 1, + "control": 98, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 96, + "fields": { + "product": 1, + "control": 99, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 97, + "fields": { + "product": 1, + "control": 100, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 98, + "fields": { + "product": 1, + "control": 101, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 99, + "fields": { + "product": 1, + "control": 102, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 100, + "fields": { + "product": 1, + "control": 103, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 101, + "fields": { + "product": 1, + "control": 104, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 102, + "fields": { + "product": 1, + "control": 65, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 103, + "fields": { + "product": 1, + "control": 66, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 104, + "fields": { + "product": 1, + "control": 67, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 105, + "fields": { + "product": 1, + "control": 68, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 106, + "fields": { + "product": 1, + "control": 69, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 107, + "fields": { + "product": 1, + "control": 70, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 108, + "fields": { + "product": 1, + "control": 71, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 109, + "fields": { + "product": 1, + "control": 72, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 110, + "fields": { + "product": 1, + "control": 73, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 111, + "fields": { + "product": 1, + "control": 74, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 112, + "fields": { + "product": 1, + "control": 75, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 113, + "fields": { + "product": 1, + "control": 76, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 114, + "fields": { + "product": 1, + "control": 77, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 115, + "fields": { + "product": 1, + "control": 78, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 116, + "fields": { + "product": 1, + "control": 79, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 117, + "fields": { + "product": 1, + "control": 80, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 118, + "fields": { + "product": 1, + "control": 81, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 119, + "fields": { + "product": 1, + "control": 82, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 120, + "fields": { + "product": 1, + "control": 83, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 121, + "fields": { + "product": 1, + "control": 84, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 122, + "fields": { + "product": 1, + "control": 53, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 123, + "fields": { + "product": 1, + "control": 54, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 124, + "fields": { + "product": 1, + "control": 55, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 125, + "fields": { + "product": 1, + "control": 56, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 126, + "fields": { + "product": 1, + "control": 57, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 127, + "fields": { + "product": 1, + "control": 58, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 128, + "fields": { + "product": 1, + "control": 59, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 129, + "fields": { + "product": 1, + "control": 60, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 130, + "fields": { + "product": 1, + "control": 61, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 131, + "fields": { + "product": 1, + "control": 62, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 132, + "fields": { + "product": 1, + "control": 63, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 133, + "fields": { + "product": 1, + "control": 64, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 134, + "fields": { + "product": 1, + "control": 42, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 135, + "fields": { + "product": 1, + "control": 43, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 136, + "fields": { + "product": 1, + "control": 44, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 137, + "fields": { + "product": 1, + "control": 45, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 138, + "fields": { + "product": 1, + "control": 46, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 139, + "fields": { + "product": 1, + "control": 47, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 140, + "fields": { + "product": 1, + "control": 48, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 141, + "fields": { + "product": 1, + "control": 49, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 142, + "fields": { + "product": 1, + "control": 50, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 143, + "fields": { + "product": 1, + "control": 51, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 144, + "fields": { + "product": 1, + "control": 52, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 145, + "fields": { + "product": 1, + "control": 5, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 146, + "fields": { + "product": 1, + "control": 6, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 147, + "fields": { + "product": 1, + "control": 7, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 148, + "fields": { + "product": 1, + "control": 8, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 149, + "fields": { + "product": 1, + "control": 9, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 150, + "fields": { + "product": 1, + "control": 11, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 151, + "fields": { + "product": 1, + "control": 12, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 152, + "fields": { + "product": 1, + "control": 13, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 153, + "fields": { + "product": 1, + "control": 14, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 154, + "fields": { + "product": 1, + "control": 15, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 155, + "fields": { + "product": 1, + "control": 16, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 156, + "fields": { + "product": 1, + "control": 17, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 157, + "fields": { + "product": 1, + "control": 4, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 158, + "fields": { + "product": 1, + "control": 18, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 159, + "fields": { + "product": 1, + "control": 19, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 160, + "fields": { + "product": 1, + "control": 20, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 161, + "fields": { + "product": 1, + "control": 21, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 162, + "fields": { + "product": 1, + "control": 22, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 163, + "fields": { + "product": 1, + "control": 23, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 164, + "fields": { + "product": 1, + "control": 24, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 165, + "fields": { + "product": 1, + "control": 25, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 166, + "fields": { + "product": 1, + "control": 26, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 167, + "fields": { + "product": 1, + "control": 27, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 168, + "fields": { + "product": 1, + "control": 28, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 169, + "fields": { + "product": 1, + "control": 29, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 170, + "fields": { + "product": 1, + "control": 30, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 171, + "fields": { + "product": 1, + "control": 31, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 172, + "fields": { + "product": 1, + "control": 32, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 173, + "fields": { + "product": 1, + "control": 33, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 174, + "fields": { + "product": 1, + "control": 34, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 175, + "fields": { + "product": 1, + "control": 35, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 176, + "fields": { + "product": 1, + "control": 36, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 177, + "fields": { + "product": 1, + "control": 37, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 178, + "fields": { + "product": 1, + "control": 38, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 179, + "fields": { + "product": 1, + "control": 39, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 180, + "fields": { + "product": 1, + "control": 40, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 181, + "fields": { + "product": 1, + "control": 41, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 182, + "fields": { + "product": 1, + "control": 1, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 183, + "fields": { + "product": 1, + "control": 2, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 184, + "fields": { + "product": 1, + "control": 3, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 185, + "fields": { + "product": 1, + "control": 85, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 186, + "fields": { + "product": 1, + "control": 86, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 187, + "fields": { + "product": 1, + "control": 87, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 188, + "fields": { + "product": 1, + "control": 88, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 189, + "fields": { + "product": 1, + "control": 89, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 190, + "fields": { + "product": 1, + "control": 90, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 191, + "fields": { + "product": 1, + "control": 91, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product_summary", + "pk": 1, + "fields": { + "product": 1, + "benchmark_type": 1, + "desired_level": "Level 1", + "current_level": "None", + "asvs_level_1_benchmark": 83, + "asvs_level_1_score": 6, + "asvs_level_2_benchmark": 73, + "asvs_level_2_score": 0, + "asvs_level_3_benchmark": 35, + "asvs_level_3_score": 0, + "publish": false, + "created": "2021-11-04T08:22:00.291Z", + "updated": "2021-11-04T08:22:00.291Z" + } +}, +{ + "model": "dojo.question", + "pk": 3, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:16Z", + "modified": "2018-06-17T19:31:16Z", + "order": 1, + "optional": false, + "text": "What kind of infrastructure will you be using (cloud servers, load balancers, dedicated hardware, etc)?" + } +}, +{ + "model": "dojo.question", + "pk": 4, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:30Z", + "modified": "2018-06-17T19:31:30Z", + "order": 1, + "optional": false, + "text": "Will there be a staging/pre-prod environment?" + } +}, +{ + "model": "dojo.question", + "pk": 5, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:45Z", + "modified": "2018-06-17T19:31:45Z", + "order": 1, + "optional": false, + "text": "How many servers/regions will be used for production?" + } +}, +{ + "model": "dojo.question", + "pk": 6, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:52:57Z", + "modified": "2018-06-17T19:52:57Z", + "order": 1, + "optional": false, + "text": "What kind of OS and other software will these servers run?" + } +}, +{ + "model": "dojo.question", + "pk": 7, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:53:37Z", + "modified": "2018-06-17T19:53:37Z", + "order": 1, + "optional": false, + "text": "Where does the product live? (Public cloud, private cloud, dedicated, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 8, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:20Z", + "modified": "2018-06-17T19:54:20Z", + "order": 1, + "optional": false, + "text": "If public cloud, are regions and environments separated into different accounts? Who manages the accounts?" + } +}, +{ + "model": "dojo.question", + "pk": 9, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:34Z", + "modified": "2018-06-17T19:54:34Z", + "order": 1, + "optional": false, + "text": "How will your servers talk to one another, if at all?" + } +}, +{ + "model": "dojo.question", + "pk": 10, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:48Z", + "modified": "2018-06-17T19:54:48Z", + "order": 1, + "optional": false, + "text": "How will you manage this infrastructure?" + } +}, +{ + "model": "dojo.question", + "pk": 11, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:55:00Z", + "modified": "2018-06-17T19:55:00Z", + "order": 1, + "optional": false, + "text": "What is your patching schedule?" + } +}, +{ + "model": "dojo.question", + "pk": 12, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:55:20Z", + "modified": "2018-06-17T19:55:20Z", + "order": 1, + "optional": false, + "text": "How will admin users (e.g., Ops) authenticate to the servers (LDAP based login, SSH Keys, local access)?" + } +}, +{ + "model": "dojo.question", + "pk": 13, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:56:24Z", + "modified": "2018-06-17T19:56:24Z", + "order": 1, + "optional": false, + "text": "What components do you have as part of your product (Web UI, REST API, command line app, mobile app, etc.)?" + } +}, +{ + "model": "dojo.question", + "pk": 14, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:22Z", + "modified": "2018-06-17T19:57:22Z", + "order": 1, + "optional": false, + "text": "What access control limitations are in place?" + } +}, +{ + "model": "dojo.question", + "pk": 15, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:34Z", + "modified": "2018-06-17T19:57:34Z", + "order": 1, + "optional": false, + "text": "How is access control enforced? (IP whitelists, role-based access controls, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 16, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:55Z", + "modified": "2018-06-17T19:57:55Z", + "order": 1, + "optional": false, + "text": "What Identity roles (if any) are utilized by the app and how many people are estimated to be inside those groups?" + } +}, +{ + "model": "dojo.question", + "pk": 17, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:58:36Z", + "modified": "2018-06-17T19:58:36Z", + "order": 1, + "optional": false, + "text": "What is the criteria for being added to these groups? Are they audited and auto-purged?" + } +}, +{ + "model": "dojo.question", + "pk": 18, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:35Z", + "modified": "2018-06-17T20:00:35Z", + "order": 1, + "optional": false, + "text": "Are you logging all sensitive user actions, such as user registration, permission modification, login attempts, admin functions, etc.?" + } +}, +{ + "model": "dojo.question", + "pk": 19, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:46Z", + "modified": "2018-06-17T20:00:46Z", + "order": 1, + "optional": false, + "text": "What identifying information are you logging?" + } +}, +{ + "model": "dojo.question", + "pk": 20, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:58Z", + "modified": "2018-06-17T20:00:58Z", + "order": 1, + "optional": false, + "text": "Where are these logs stored?" + } +}, +{ + "model": "dojo.question", + "pk": 21, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:18Z", + "modified": "2018-06-17T20:02:18Z", + "order": 1, + "optional": false, + "text": "How does an end user interact with the product? Do they visit it in their browser, use a proxy or a special CLI tool, log in through a terminal server, etc?" + } +}, +{ + "model": "dojo.question", + "pk": 22, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:32Z", + "modified": "2018-06-17T20:02:32Z", + "order": 1, + "optional": false, + "text": "How public-facing is this product? (customer tool, open source project, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 23, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:46Z", + "modified": "2018-06-17T20:02:46Z", + "order": 1, + "optional": false, + "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -> private cloud, public internet -> public cloud, etc." + } +}, +{ + "model": "dojo.question", + "pk": 24, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:57Z", + "modified": "2018-06-17T20:02:57Z", + "order": 1, + "optional": false, + "text": "What services/products does your product consume? What services/products consume it?" + } +}, +{ + "model": "dojo.question", + "pk": 25, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:04:46Z", + "modified": "2018-06-17T20:04:46Z", + "order": 1, + "optional": false, + "text": "What customer or corporate information does your product consume?" + } +}, +{ + "model": "dojo.question", + "pk": 26, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:10Z", + "modified": "2018-06-17T20:05:10Z", + "order": 1, + "optional": false, + "text": "What information does the product store?" + } +}, +{ + "model": "dojo.question", + "pk": 27, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:22Z", + "modified": "2018-06-17T20:05:22Z", + "order": 1, + "optional": false, + "text": "Where, how, and for how long is it stored?" + } +}, +{ + "model": "dojo.question", + "pk": 28, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:32Z", + "modified": "2018-06-17T20:05:32Z", + "order": 1, + "optional": false, + "text": "Is encryption / hashing used where appropriate?" + } +}, +{ + "model": "dojo.question", + "pk": 29, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:43Z", + "modified": "2018-06-17T20:05:43Z", + "order": 1, + "optional": false, + "text": "Are you rolling your own identification system? If so, have you considered integrating with SSO instead?" + } +}, +{ + "model": "dojo.question", + "pk": 30, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:57Z", + "modified": "2018-06-17T20:05:57Z", + "order": 1, + "optional": false, + "text": "What information does the product send to the user?" + } +}, +{ + "model": "dojo.question", + "pk": 31, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:06:15Z", + "modified": "2018-06-17T20:06:15Z", + "order": 1, + "optional": false, + "text": "If you're managing passwords or keys across multiple servers/endpoints, where and how is that information stored?" + } +}, +{ + "model": "dojo.question", + "pk": 32, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:08Z", + "modified": "2018-06-17T20:08:08Z", + "order": 1, + "optional": false, + "text": "What third party tools and libraries are you using? Please provide a package dump as well (apt, pip, bower, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 33, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:19Z", + "modified": "2018-06-17T20:08:19Z", + "order": 1, + "optional": false, + "text": "What ports should be open on each node, and what services do they expose?" + } +}, +{ + "model": "dojo.question", + "pk": 34, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:30Z", + "modified": "2018-06-17T20:08:30Z", + "order": 1, + "optional": false, + "text": "What service accounts are you utilizing, and what roles do they have?" + } +}, +{ + "model": "dojo.question", + "pk": 35, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:43Z", + "modified": "2018-06-17T20:08:43Z", + "order": 1, + "optional": false, + "text": "What DNS entries do you have set up? (Most importantly, public-facing systems)" + } +}, +{ + "model": "dojo.question", + "pk": 36, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:54Z", + "modified": "2018-06-17T20:08:54Z", + "order": 1, + "optional": false, + "text": "What type of monitoring are you doing? (IDS, cloud monitoring, custom log parsing script, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 37, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:15Z", + "modified": "2018-06-17T20:10:15Z", + "order": 1, + "optional": false, + "text": "List the IPs for all infrastructure utilized for the environment in question." + } +}, +{ + "model": "dojo.question", + "pk": 38, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:30Z", + "modified": "2018-06-17T20:10:30Z", + "order": 1, + "optional": false, + "text": "List of endpoints and documentation for any APIs created by your product." + } +}, +{ + "model": "dojo.question", + "pk": 39, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:42Z", + "modified": "2018-06-17T20:10:42Z", + "order": 1, + "optional": false, + "text": "Locations of any web UIs or other important URLs" + } +}, +{ + "model": "dojo.question", + "pk": 40, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:52Z", + "modified": "2018-06-17T20:10:52Z", + "order": 1, + "optional": false, + "text": "List of any service accounts or other access requests relevant to your product" + } +}, +{ + "model": "dojo.question", + "pk": 41, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:04Z", + "modified": "2018-06-17T20:11:04Z", + "order": 1, + "optional": false, + "text": "The contact information of QE who are testing the products." + } +}, +{ + "model": "dojo.question", + "pk": 42, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:17Z", + "modified": "2018-06-17T20:11:17Z", + "order": 1, + "optional": false, + "text": "The list of people that should be notified for our security testing." + } +}, +{ + "model": "dojo.question", + "pk": 43, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:30Z", + "modified": "2018-06-17T20:11:30Z", + "order": 1, + "optional": false, + "text": "Any security testing that we should not run, and/or times when you would prefer we not test." + } +}, +{ + "model": "dojo.textquestion", + "pk": 3, + "fields": { + "question_ptr": 3 + } +}, +{ + "model": "dojo.textquestion", + "pk": 4, + "fields": { + "question_ptr": 4 + } +}, +{ + "model": "dojo.textquestion", + "pk": 5, + "fields": { + "question_ptr": 5 + } +}, +{ + "model": "dojo.textquestion", + "pk": 6, + "fields": { + "question_ptr": 6 + } +}, +{ + "model": "dojo.textquestion", + "pk": 7, + "fields": { + "question_ptr": 7 + } +}, +{ + "model": "dojo.textquestion", + "pk": 8, + "fields": { + "question_ptr": 8 + } +}, +{ + "model": "dojo.textquestion", + "pk": 9, + "fields": { + "question_ptr": 9 + } +}, +{ + "model": "dojo.textquestion", + "pk": 10, + "fields": { + "question_ptr": 10 + } +}, +{ + "model": "dojo.textquestion", + "pk": 11, + "fields": { + "question_ptr": 11 + } +}, +{ + "model": "dojo.textquestion", + "pk": 12, + "fields": { + "question_ptr": 12 + } +}, +{ + "model": "dojo.textquestion", + "pk": 13, + "fields": { + "question_ptr": 13 + } +}, +{ + "model": "dojo.textquestion", + "pk": 14, + "fields": { + "question_ptr": 14 + } +}, +{ + "model": "dojo.textquestion", + "pk": 15, + "fields": { + "question_ptr": 15 + } +}, +{ + "model": "dojo.textquestion", + "pk": 16, + "fields": { + "question_ptr": 16 + } +}, +{ + "model": "dojo.textquestion", + "pk": 17, + "fields": { + "question_ptr": 17 + } +}, +{ + "model": "dojo.textquestion", + "pk": 18, + "fields": { + "question_ptr": 18 + } +}, +{ + "model": "dojo.textquestion", + "pk": 19, + "fields": { + "question_ptr": 19 + } +}, +{ + "model": "dojo.textquestion", + "pk": 20, + "fields": { + "question_ptr": 20 + } +}, +{ + "model": "dojo.textquestion", + "pk": 21, + "fields": { + "question_ptr": 21 + } +}, +{ + "model": "dojo.textquestion", + "pk": 22, + "fields": { + "question_ptr": 22 + } +}, +{ + "model": "dojo.textquestion", + "pk": 23, + "fields": { + "question_ptr": 23 + } +}, +{ + "model": "dojo.textquestion", + "pk": 24, + "fields": { + "question_ptr": 24 + } +}, +{ + "model": "dojo.textquestion", + "pk": 25, + "fields": { + "question_ptr": 25 + } +}, +{ + "model": "dojo.textquestion", + "pk": 26, + "fields": { + "question_ptr": 26 + } +}, +{ + "model": "dojo.textquestion", + "pk": 27, + "fields": { + "question_ptr": 27 + } +}, +{ + "model": "dojo.textquestion", + "pk": 28, + "fields": { + "question_ptr": 28 + } +}, +{ + "model": "dojo.textquestion", + "pk": 29, + "fields": { + "question_ptr": 29 + } +}, +{ + "model": "dojo.textquestion", + "pk": 30, + "fields": { + "question_ptr": 30 + } +}, +{ + "model": "dojo.textquestion", + "pk": 31, + "fields": { + "question_ptr": 31 + } +}, +{ + "model": "dojo.textquestion", + "pk": 32, + "fields": { + "question_ptr": 32 + } +}, +{ + "model": "dojo.textquestion", + "pk": 33, + "fields": { + "question_ptr": 33 + } +}, +{ + "model": "dojo.textquestion", + "pk": 34, + "fields": { + "question_ptr": 34 + } +}, +{ + "model": "dojo.textquestion", + "pk": 35, + "fields": { + "question_ptr": 35 + } +}, +{ + "model": "dojo.textquestion", + "pk": 36, + "fields": { + "question_ptr": 36 + } +}, +{ + "model": "dojo.textquestion", + "pk": 37, + "fields": { + "question_ptr": 37 + } +}, +{ + "model": "dojo.textquestion", + "pk": 38, + "fields": { + "question_ptr": 38 + } +}, +{ + "model": "dojo.textquestion", + "pk": 39, + "fields": { + "question_ptr": 39 + } +}, +{ + "model": "dojo.textquestion", + "pk": 40, + "fields": { + "question_ptr": 40 + } +}, +{ + "model": "dojo.textquestion", + "pk": 41, + "fields": { + "question_ptr": 41 + } +}, +{ + "model": "dojo.textquestion", + "pk": 42, + "fields": { + "question_ptr": 42 + } +}, +{ + "model": "dojo.textquestion", + "pk": 43, + "fields": { + "question_ptr": 43 + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 2, + "fields": { + "name": "Infrastructure", + "description": "Questions regarding the products physical infrastructure.", + "active": true, + "questions": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 3, + "fields": { + "name": "Testing Preparation", + "description": "Tell us about the specific components that make up your application.", + "active": true, + "questions": [ + 13, + 37, + 38, + 39, + 40, + 41, + 42, + 43 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 4, + "fields": { + "name": "Access Control", + "description": "Tell us about the access control configured for your application.", + "active": true, + "questions": [ + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 5, + "fields": { + "name": "Information Flow / Dependency Modeling", + "description": "Tell us how is your application used.", + "active": true, + "questions": [ + 21, + 22, + 23, + 24 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 6, + "fields": { + "name": "Information Management", + "description": "Tell us what kind of data you are storing/managing.", + "active": true, + "questions": [ + 25, + 26, + 27, + 28, + 29, + 30, + 31 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 7, + "fields": { + "name": "Inventory", + "description": "Give us detail about your application.", + "active": true, + "questions": [ + 32, + 33, + 34, + 35, + 36 + ] + } +}, +{ + "model": "dojo.location", + "pk": 1, + "fields": { + "created": "2026-01-26T15:45:41.735Z", + "updated": "2026-01-26T15:45:41.735Z", + "location_type": "url", + "location_value": "ssh://127.0.0.1", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 2, + "fields": { + "created": "2026-01-26T15:45:41.756Z", + "updated": "2026-01-26T15:45:41.756Z", + "location_type": "url", + "location_value": "127.0.0.1", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 3, + "fields": { + "created": "2026-01-26T15:45:41.767Z", + "updated": "2026-01-26T15:45:41.767Z", + "location_type": "url", + "location_value": "ftp://localhost/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 4, + "fields": { + "created": "2026-01-26T15:45:41.777Z", + "updated": "2026-01-26T15:45:41.777Z", + "location_type": "url", + "location_value": "http://localhost:8888/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 5, + "fields": { + "created": "2026-01-26T15:45:41.787Z", + "updated": "2026-01-26T15:45:41.787Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 6, + "fields": { + "created": "2026-01-26T15:45:41.797Z", + "updated": "2026-01-26T15:45:41.797Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/about.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 7, + "fields": { + "created": "2026-01-26T15:45:41.807Z", + "updated": "2026-01-26T15:45:41.807Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/admin.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 8, + "fields": { + "created": "2026-01-26T15:45:41.818Z", + "updated": "2026-01-26T15:45:41.818Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/advanced.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 9, + "fields": { + "created": "2026-01-26T15:45:41.828Z", + "updated": "2026-01-26T15:45:41.828Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/basket.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 10, + "fields": { + "created": "2026-01-26T15:45:41.838Z", + "updated": "2026-01-26T15:45:41.838Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/contact.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 11, + "fields": { + "created": "2026-01-26T15:45:41.850Z", + "updated": "2026-01-26T15:45:41.850Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/home.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 12, + "fields": { + "created": "2026-01-26T15:45:41.859Z", + "updated": "2026-01-26T15:45:41.859Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/login.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 13, + "fields": { + "created": "2026-01-26T15:45:41.870Z", + "updated": "2026-01-26T15:45:41.870Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/logout.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 14, + "fields": { + "created": "2026-01-26T15:45:41.880Z", + "updated": "2026-01-26T15:45:41.880Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/password.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 15, + "fields": { + "created": "2026-01-26T15:45:41.891Z", + "updated": "2026-01-26T15:45:41.891Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/product.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 16, + "fields": { + "created": "2026-01-26T15:45:41.902Z", + "updated": "2026-01-26T15:45:41.902Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/register.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 17, + "fields": { + "created": "2026-01-26T15:45:41.912Z", + "updated": "2026-01-26T15:45:41.912Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/score.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 18, + "fields": { + "created": "2026-01-26T15:45:41.922Z", + "updated": "2026-01-26T15:45:41.922Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/search.jsp", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.location", + "pk": 19, + "fields": { + "created": "2026-01-26T15:45:41.932Z", + "updated": "2026-01-26T15:45:41.932Z", + "location_type": "url", + "location_value": "http://127.0.0.1/endpoint/420/edit/", + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 1, + "fields": { + "created": "2026-01-26T15:45:41.753Z", + "updated": "2026-01-26T15:45:41.753Z", + "location": 1, + "product": 3, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 2, + "fields": { + "created": "2026-01-26T15:45:41.763Z", + "updated": "2026-01-26T15:45:41.763Z", + "location": 2, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 3, + "fields": { + "created": "2026-01-26T15:45:41.774Z", + "updated": "2026-01-26T15:45:41.774Z", + "location": 3, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 4, + "fields": { + "created": "2026-01-26T15:45:41.784Z", + "updated": "2026-01-26T15:45:41.784Z", + "location": 4, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 5, + "fields": { + "created": "2026-01-26T15:45:41.794Z", + "updated": "2026-01-26T15:45:41.794Z", + "location": 5, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 6, + "fields": { + "created": "2026-01-26T15:45:41.804Z", + "updated": "2026-01-26T15:45:41.804Z", + "location": 6, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 7, + "fields": { + "created": "2026-01-26T15:45:41.814Z", + "updated": "2026-01-26T15:45:41.814Z", + "location": 7, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 8, + "fields": { + "created": "2026-01-26T15:45:41.825Z", + "updated": "2026-01-26T15:45:41.825Z", + "location": 8, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 9, + "fields": { + "created": "2026-01-26T15:45:41.835Z", + "updated": "2026-01-26T15:45:41.835Z", + "location": 9, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 10, + "fields": { + "created": "2026-01-26T15:45:41.846Z", + "updated": "2026-01-26T15:45:41.846Z", + "location": 10, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 11, + "fields": { + "created": "2026-01-26T15:45:41.855Z", + "updated": "2026-01-26T15:45:41.855Z", + "location": 11, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 12, + "fields": { + "created": "2026-01-26T15:45:41.866Z", + "updated": "2026-01-26T15:45:41.866Z", + "location": 12, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 13, + "fields": { + "created": "2026-01-26T15:45:41.876Z", + "updated": "2026-01-26T15:45:41.876Z", + "location": 13, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 14, + "fields": { + "created": "2026-01-26T15:45:41.887Z", + "updated": "2026-01-26T15:45:41.887Z", + "location": 14, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 15, + "fields": { + "created": "2026-01-26T15:45:41.898Z", + "updated": "2026-01-26T15:45:41.898Z", + "location": 15, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 16, + "fields": { + "created": "2026-01-26T15:45:41.909Z", + "updated": "2026-01-26T15:45:41.909Z", + "location": 16, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 17, + "fields": { + "created": "2026-01-26T15:45:41.919Z", + "updated": "2026-01-26T15:45:41.919Z", + "location": 17, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 18, + "fields": { + "created": "2026-01-26T15:45:41.929Z", + "updated": "2026-01-26T15:45:41.929Z", + "location": 18, + "product": 1, + "status": "Mitigated" + } +}, +{ + "model": "dojo.locationproductreference", + "pk": 19, + "fields": { + "created": "2026-01-26T15:45:41.939Z", + "updated": "2026-01-26T15:45:41.939Z", + "location": 19, + "product": 2, + "status": "Mitigated" + } +}, +{ + "model": "dojo.url", + "pk": 1, + "fields": { + "location": 1, + "protocol": "ssh", + "user_info": "", + "host": "127.0.0.1", + "port": 22, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "03009c0636425af566fb6b737db82852812fe2969107ef299530a248f78c4761" + } +}, +{ + "model": "dojo.url", + "pk": 2, + "fields": { + "location": 2, + "protocol": "", + "user_info": "", + "host": "127.0.0.1", + "port": null, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "f1ef169262638cbeabd36e60b021936c5a925beda67b52bd1b52847aa10352e1" + } +}, +{ + "model": "dojo.url", + "pk": 3, + "fields": { + "location": 3, + "protocol": "ftp", + "user_info": "", + "host": "localhost", + "port": 21, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "025d6b16f8cfba2d8e15e85deb81963a84d5dd3c700614f8e8fda87378cf58aa" + } +}, +{ + "model": "dojo.url", + "pk": 4, + "fields": { + "location": 4, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "0f93015b731ab1bc5ea1332a90781a2045d46e70ec1090361f68db58265a3271" + } +}, +{ + "model": "dojo.url", + "pk": 5, + "fields": { + "location": 5, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "94405be03445dd80d4e542775bf5797252cd907ecfeb381b51f72b5f01c78e4b" + } +}, +{ + "model": "dojo.url", + "pk": 6, + "fields": { + "location": 6, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/about.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "96e8eda7ebef554ead75dd22b2b6408b19498648964075d0cd8babf16bcddea9" + } +}, +{ + "model": "dojo.url", + "pk": 7, + "fields": { + "location": 7, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/admin.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "9eac0b36d89ea41c3ca850519bdf071471991f565dc1f5c0a3385a856a2817af" + } +}, +{ + "model": "dojo.url", + "pk": 8, + "fields": { + "location": 8, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/advanced.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "b1550d532705cf9e2441cf2d42e143f21d9991b1eb964aa88e52159eb1c5ff31" + } +}, +{ + "model": "dojo.url", + "pk": 9, + "fields": { + "location": 9, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/basket.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "efaf0a94394a5a2e117454956d67a1c43f95da40b7d7d5c158b049eded4cbe07" + } +}, +{ + "model": "dojo.url", + "pk": 10, + "fields": { + "location": 10, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/contact.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "7c00a6008791144f8e587507469ba1aaf5858a497a5fd2fd4fa5c29e942c4004" + } +}, +{ + "model": "dojo.url", + "pk": 11, + "fields": { + "location": 11, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/home.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "317895cd12da9908f97ebe8e63cb6395fed39d14925b631d9d4c1362b6458c20" + } +}, +{ + "model": "dojo.url", + "pk": 12, + "fields": { + "location": 12, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/login.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "2850f6a08fa0bd443f200525cc170231ce867d810fce483a0e3867f2b8807bfb" + } +}, +{ + "model": "dojo.url", + "pk": 13, + "fields": { + "location": 13, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/logout.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "c77e801a98a44ae86442c03f8dc2c068a3ce72d745c69aa290cce2c91c5be802" + } +}, +{ + "model": "dojo.url", + "pk": 14, + "fields": { + "location": 14, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/password.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "0710d27be344e66a9b1554d493f1e14f6b060dacba8ab64b5d2f86f49b85cca2" + } +}, +{ + "model": "dojo.url", + "pk": 15, + "fields": { + "location": 15, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/product.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "95f7dc925856be6f19bcfcc4b5c542d8a382815709900d6ab91693e3864bf75e" + } +}, +{ + "model": "dojo.url", + "pk": 16, + "fields": { + "location": 16, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/register.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "fddeec108eaec6a43060f43a44e228740350710cb3c4475ddd7cc7da7f740206" + } +}, +{ + "model": "dojo.url", + "pk": 17, + "fields": { + "location": 17, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/score.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "312cfc49152f6445cdb53df02fc65c966accd3e90e709fbe63bce73703085708" + } +}, +{ + "model": "dojo.url", + "pk": 18, + "fields": { + "location": 18, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/search.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "cac8b9e23292f238ae36c2c98600c1e3c813f48a53b6f8ec4f3accb0dda42886" + } +}, +{ + "model": "dojo.url", + "pk": 19, + "fields": { + "location": 19, + "protocol": "http", + "user_info": "", + "host": "127.0.0.1", + "port": 80, + "path": "endpoint/420/edit/", + "query": "", + "fragment": "", + "host_validation_failure": false, + "hash": "f28d3752e452cde3e00a3aaf885fe153037ae69d9726e6a0936ee7da3225c1ad" + } +}, +{ + "model": "dojo.dojo_userevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": [ + "admin" + ], + "pgh_context": null, + "id": 1, + "last_login": "2025-02-06T22:39:20.922Z", + "is_superuser": true, + "username": "admin", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": true, + "is_active": true, + "date_joined": "2021-07-02T00:21:09.430Z" + } +}, +{ + "model": "dojo.dojo_userevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": [ + "product_manager" + ], + "pgh_context": null, + "id": 2, + "last_login": "2021-11-05T07:22:26.370Z", + "is_superuser": false, + "username": "product_manager", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-01T07:59:51Z" + } +}, +{ + "model": "dojo.dojo_userevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": [ + "user2" + ], + "pgh_context": null, + "id": 3, + "last_login": "2021-07-04T23:13:00.869Z", + "is_superuser": false, + "username": "user2", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-02T00:22:09.558Z" + } +}, +{ + "model": "dojo.endpointevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "protocol": "http", + "userinfo": null, + "host": "127.0.0.1", + "port": 80, + "path": "/endpoint/420/edit/", + "query": null, + "fragment": null, + "product": 2 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "protocol": "ftp", + "userinfo": null, + "host": "localhost", + "port": 21, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "protocol": "ssh", + "userinfo": null, + "host": "127.0.0.1", + "port": 22, + "path": null, + "query": null, + "fragment": null, + "product": 3 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/login.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "protocol": null, + "userinfo": null, + "host": "127.0.0.1", + "port": null, + "path": null, + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/register.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/password.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/basket.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/advanced.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/admin.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/about.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/contact.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/home.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/product.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/score.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/search.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/logout.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 20, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "protocol": "http", + "userinfo": null, + "host": "127.0.0.1", + "port": 80, + "path": "/endpoint/420/edit/", + "query": null, + "fragment": null, + "product": 2 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 21, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "protocol": "ftp", + "userinfo": null, + "host": "localhost", + "port": 21, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 22, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "protocol": "ssh", + "userinfo": null, + "host": "127.0.0.1", + "port": 22, + "path": null, + "query": null, + "fragment": null, + "product": 3 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 23, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/login.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 24, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "protocol": null, + "userinfo": null, + "host": "127.0.0.1", + "port": null, + "path": null, + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 25, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/register.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 26, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/password.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 27, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 28, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/basket.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 29, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/advanced.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 30, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/admin.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 31, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/about.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 32, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/contact.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 33, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/home.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 34, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/product.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 35, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/score.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 36, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/search.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 37, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.endpointevent", + "pk": 38, + "fields": { + "pgh_created_at": "2026-01-26T15:47:40.016Z", + "pgh_label": "delete", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/logout.jsp", + "query": null, + "fragment": null, + "product": 1 + } +}, +{ + "model": "dojo.engagementevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": null, + "updated": null, + "name": "1st Quarter Engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": "2021-11-04T09:15:49.870Z", + "name": "April Monthly Engagement", + "description": "Requested by the team for regular manual checkup by the security team.", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": null, + "name": "weekly engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-21", + "target_end": "2021-06-22", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "created": "2021-11-04T09:01:00.647Z", + "updated": "2021-11-04T09:14:58.726Z", + "name": "Static Scan", + "description": "Initial static scan for Bodgeit.", + "version": "v.1.2.0", + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-10", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "created": "2021-11-04T09:25:29.380Z", + "updated": "2021-11-04T09:26:47.339Z", + "name": "Quarterly PCI Scan", + "description": "Reccuring Quarterly Scan", + "version": null, + "first_contacted": null, + "target_start": "2022-01-19", + "target_end": "2022-01-26", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "created": "2021-11-04T09:36:15.136Z", + "updated": "2021-11-04T09:36:15.136Z", + "name": "Ad Hoc Engagement", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-03", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "active": false, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "created": "2021-11-04T09:42:51.116Z", + "updated": "2021-11-04T09:44:29.481Z", + "name": "Initial Assessment", + "description": "This application needs to be assesed to determine the security posture.", + "version": "10.2.1", + "first_contacted": null, + "target_start": "2021-12-20", + "target_end": "2021-12-27", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 3, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "created": "2021-11-05T06:44:35.773Z", + "updated": "2021-11-05T06:49:39.475Z", + "name": "Multiple scanners", + "description": "Example engagement with multiple scan types.", + "version": "1.2.1", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "created": "2021-11-05T06:54:11.880Z", + "updated": "2021-11-05T06:55:42.622Z", + "name": "Manual PenTest", + "description": "Please do a manual pentest before our next release to prod.", + "version": "1.9.1", + "first_contacted": null, + "target_start": "2021-12-30", + "target_end": "2022-01-02", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Blocked", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "created": "2021-11-05T07:06:26.136Z", + "updated": "2021-11-05T07:07:44.126Z", + "name": "CI/CD Baseline Security Test", + "description": "", + "version": "1.1.2", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-11", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": false, + "tracker": "https://github.com/psiinon/bodgeit", + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "CI/CD", + "build_id": "89", + "commit_hash": "b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6", + "branch_tag": "master", + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": "https://github.com/psiinon/bodgeit", + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.engagementevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "created": "2021-11-05T10:43:05.446Z", + "updated": "2021-11-05T10:43:05.446Z", + "name": "AdHoc Import - Fri, 17 Aug 2018 18:20:55", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false + } +}, +{ + "model": "dojo.findingevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.707Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.280Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.297Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:12.850Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "created": null, + "updated": null, + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.314Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "created": null, + "updated": null, + "title": "Dummy Finding", + "date": "2021-03-20", + "sla_start_date": null, + "sla_expiration_date": "2021-04-19", + "cwe": 1, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "http://www.example.com", + "severity": "High", + "description": "TEST finding", + "mitigation": "MITIGATION", + "fix_available": null, + "fix_version": null, + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.331Z", + "review_requested_by": [ + "product_manager" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "product_manager" + ], + "is_mitigated": false, + "thread_id": 1, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "product_manager" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", + "line": 100, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "created": "2021-11-04T09:01:32.590Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:32.587Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "created": "2021-11-04T09:01:32.769Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.758Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:32.763Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "created": "2021-11-04T09:01:32.948Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:32.945Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "created": "2021-11-04T09:01:33.124Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.527Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.122Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "created": "2021-11-04T09:01:33.268Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "created": "2021-11-04T09:01:33.438Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:33.435Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "created": "2021-11-04T09:01:33.602Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.599Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "created": "2021-11-04T09:01:33.755Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.344Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "created": "2021-11-04T09:01:33.905Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.192Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "created": "2021-11-04T09:01:34.060Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.056Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "created": "2021-11-04T09:01:34.209Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.659Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "created": "2021-11-04T09:01:34.373Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"    \" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.772Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.370Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 20, + "pgh_context": null, + "id": 20, + "created": "2021-11-04T09:01:34.530Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.486Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:34.527Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 20, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 21, + "pgh_context": null, + "id": 21, + "created": "2021-11-04T09:01:34.702Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.933Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.699Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 21, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 22, + "pgh_context": null, + "id": 22, + "created": "2021-11-04T09:01:34.865Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.396Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.861Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 22, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 23, + "pgh_context": null, + "id": 23, + "created": "2021-11-04T09:01:35.040Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.227Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.037Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 23, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 24, + "pgh_context": null, + "id": 24, + "created": "2021-11-04T09:01:35.231Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.053Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 24, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 25, + "pgh_context": null, + "id": 25, + "created": "2021-11-04T09:01:35.388Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 25, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 26, + "pgh_context": null, + "id": 26, + "created": "2021-11-04T09:01:35.563Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.301Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.561Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 26, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 27, + "pgh_context": null, + "id": 27, + "created": "2021-11-04T09:01:35.729Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.640Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.724Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 27, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 28, + "pgh_context": null, + "id": 28, + "created": "2021-11-04T09:01:35.904Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.577Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 28, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 29, + "pgh_context": null, + "id": 29, + "created": "2021-11-04T09:01:36.151Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.542Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 29, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 30, + "pgh_context": null, + "id": 30, + "created": "2021-11-04T09:01:36.397Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.394Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 30, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 31, + "pgh_context": null, + "id": 31, + "created": "2021-11-04T09:01:36.586Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.642Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 31, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 32, + "pgh_context": null, + "id": 32, + "created": "2021-11-04T09:01:36.781Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.977Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 32, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 33, + "pgh_context": null, + "id": 33, + "created": "2021-11-04T09:01:36.976Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.583Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:36.972Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 33, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 34, + "pgh_context": null, + "id": 34, + "created": "2021-11-04T09:01:37.211Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.145Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 34, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 35, + "pgh_context": null, + "id": 35, + "created": "2021-11-04T09:01:37.495Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 35, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 36, + "pgh_context": null, + "id": 36, + "created": "2021-11-04T09:01:37.702Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.138Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 36, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 37, + "pgh_context": null, + "id": 37, + "created": "2021-11-04T09:01:37.894Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.165Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 37, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 38, + "pgh_context": null, + "id": 38, + "created": "2021-11-04T09:01:38.083Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.328Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.079Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 38, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 39, + "pgh_context": null, + "id": 39, + "created": "2021-11-04T09:01:38.281Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.306Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.277Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 39, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 40, + "pgh_context": null, + "id": 40, + "created": "2021-11-04T09:01:38.499Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.989Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.495Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 40, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 41, + "pgh_context": null, + "id": 41, + "created": "2021-11-04T09:01:38.694Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.038Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.690Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 41, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 42, + "pgh_context": null, + "id": 42, + "created": "2021-11-04T09:01:38.895Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 42, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 43, + "pgh_context": null, + "id": 43, + "created": "2021-11-04T09:01:39.107Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.727Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.102Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 43, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 44, + "pgh_context": null, + "id": 44, + "created": "2021-11-04T09:01:39.298Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.686Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.295Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 44, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 45, + "pgh_context": null, + "id": 45, + "created": "2021-11-04T09:01:39.448Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:39.444Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 45, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 46, + "pgh_context": null, + "id": 46, + "created": "2021-11-04T09:01:39.616Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.443Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.613Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 46, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 47, + "pgh_context": null, + "id": 47, + "created": "2021-11-04T09:01:39.814Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.551Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.809Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 47, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 48, + "pgh_context": null, + "id": 48, + "created": "2021-11-04T09:01:40.005Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.964Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.001Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 48, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 49, + "pgh_context": null, + "id": 49, + "created": "2021-11-04T09:01:40.176Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.605Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.173Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 49, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 50, + "pgh_context": null, + "id": 50, + "created": "2021-11-04T09:01:40.355Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 50, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 51, + "pgh_context": null, + "id": 51, + "created": "2021-11-04T09:01:40.539Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.724Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:40.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 51, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 52, + "pgh_context": null, + "id": 52, + "created": "2021-11-04T09:01:40.715Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.598Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.710Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 52, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 53, + "pgh_context": null, + "id": 53, + "created": "2021-11-04T09:01:40.869Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.582Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.865Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 53, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 54, + "pgh_context": null, + "id": 54, + "created": "2021-11-04T09:01:41.022Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.271Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.019Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 54, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 55, + "pgh_context": null, + "id": 55, + "created": "2021-11-04T09:01:41.178Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.820Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.175Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 55, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 56, + "pgh_context": null, + "id": 56, + "created": "2021-11-04T09:01:41.335Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.516Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.332Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 56, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 57, + "pgh_context": null, + "id": 57, + "created": "2021-11-04T09:01:41.494Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.970Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 57, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 58, + "pgh_context": null, + "id": 58, + "created": "2021-11-04T09:01:41.669Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.505Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:41.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 58, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 59, + "pgh_context": null, + "id": 59, + "created": "2021-11-04T09:01:41.820Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.084Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.817Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 59, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 60, + "pgh_context": null, + "id": 60, + "created": "2021-11-04T09:01:41.972Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.970Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 60, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 61, + "pgh_context": null, + "id": 61, + "created": "2021-11-04T09:01:42.130Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.376Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 61, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 62, + "pgh_context": null, + "id": 62, + "created": "2021-11-04T09:01:42.302Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.836Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.298Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 62, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 63, + "pgh_context": null, + "id": 63, + "created": "2021-11-04T09:01:42.457Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"    \" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.855Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.453Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 63, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 64, + "pgh_context": null, + "id": 64, + "created": "2021-11-04T09:01:42.620Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.552Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.617Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 64, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 65, + "pgh_context": null, + "id": 65, + "created": "2021-11-04T09:01:42.796Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.547Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 65, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 66, + "pgh_context": null, + "id": 66, + "created": "2021-11-04T09:01:42.956Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.025Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.953Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 66, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 67, + "pgh_context": null, + "id": 67, + "created": "2021-11-04T09:01:43.115Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.789Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 67, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 68, + "pgh_context": null, + "id": 68, + "created": "2021-11-04T09:01:43.269Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.881Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.267Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 68, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 69, + "pgh_context": null, + "id": 69, + "created": "2021-11-04T09:01:43.431Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.831Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.428Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 69, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 70, + "pgh_context": null, + "id": 70, + "created": "2021-11-04T09:01:43.595Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.980Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.592Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 70, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 71, + "pgh_context": null, + "id": 71, + "created": "2021-11-04T09:01:43.752Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.521Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.749Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 71, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 72, + "pgh_context": null, + "id": 72, + "created": "2021-11-04T09:01:43.931Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.785Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.927Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 72, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 73, + "pgh_context": null, + "id": 73, + "created": "2021-11-04T09:01:44.091Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.274Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.088Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 73, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 74, + "pgh_context": null, + "id": 74, + "created": "2021-11-04T09:01:44.250Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.247Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 74, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 75, + "pgh_context": null, + "id": 75, + "created": "2021-11-04T09:01:44.408Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"    \" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.518Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 75, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 76, + "pgh_context": null, + "id": 76, + "created": "2021-11-04T09:01:44.599Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.347Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.595Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 76, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 77, + "pgh_context": null, + "id": 77, + "created": "2021-11-04T09:01:44.798Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.680Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.794Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 77, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 78, + "pgh_context": null, + "id": 78, + "created": "2021-11-04T09:01:44.961Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.955Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 78, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 79, + "pgh_context": null, + "id": 79, + "created": "2021-11-04T09:01:45.167Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.239Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.164Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 79, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 80, + "pgh_context": null, + "id": 80, + "created": "2021-11-04T09:01:45.338Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.334Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.335Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 80, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 81, + "pgh_context": null, + "id": 81, + "created": "2021-11-04T09:01:45.495Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.208Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.492Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 81, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 82, + "pgh_context": null, + "id": 82, + "created": "2021-11-04T09:01:45.667Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.664Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 82, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 83, + "pgh_context": null, + "id": 83, + "created": "2021-11-04T09:01:45.809Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.793Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 83, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 84, + "pgh_context": null, + "id": 84, + "created": "2021-11-04T09:01:45.947Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 84, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 85, + "pgh_context": null, + "id": 85, + "created": "2021-11-04T09:01:46.093Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

    \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.595Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.090Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 85, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 86, + "pgh_context": null, + "id": 86, + "created": "2021-11-04T09:01:46.242Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.149Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.239Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 86, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 87, + "pgh_context": null, + "id": 87, + "created": "2021-11-04T09:01:46.417Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.810Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.413Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 87, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 88, + "pgh_context": null, + "id": 88, + "created": "2021-11-04T09:01:46.582Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:46.579Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 88, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 89, + "pgh_context": null, + "id": 89, + "created": "2021-11-04T09:01:46.729Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.118Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.727Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 89, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 90, + "pgh_context": null, + "id": 90, + "created": "2021-11-04T09:01:46.883Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.823Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.880Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 90, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 91, + "pgh_context": null, + "id": 91, + "created": "2021-11-04T09:01:47.032Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.029Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 91, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 92, + "pgh_context": null, + "id": 92, + "created": "2021-11-04T09:01:47.169Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.166Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 92, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 93, + "pgh_context": null, + "id": 93, + "created": "2021-11-04T09:01:47.314Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.478Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.311Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 93, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 94, + "pgh_context": null, + "id": 94, + "created": "2021-11-04T09:01:47.459Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.765Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.456Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 94, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 95, + "pgh_context": null, + "id": 95, + "created": "2021-11-04T09:01:47.615Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.907Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.612Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 95, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 96, + "pgh_context": null, + "id": 96, + "created": "2021-11-04T09:01:47.776Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.439Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 96, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 97, + "pgh_context": null, + "id": 97, + "created": "2021-11-04T09:01:47.932Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.222Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 97, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 98, + "pgh_context": null, + "id": 98, + "created": "2021-11-04T09:01:48.091Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.086Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 98, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 99, + "pgh_context": null, + "id": 99, + "created": "2021-11-04T09:01:48.247Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.685Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.245Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 99, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 100, + "pgh_context": null, + "id": 100, + "created": "2021-11-04T09:01:48.418Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.461Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.415Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 100, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 101, + "pgh_context": null, + "id": 101, + "created": "2021-11-04T09:01:48.575Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.251Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.572Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 101, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 102, + "pgh_context": null, + "id": 102, + "created": "2021-11-04T09:01:48.732Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.939Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:48.730Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 102, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 103, + "pgh_context": null, + "id": 103, + "created": "2021-11-04T09:01:48.890Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.589Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.887Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 103, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 104, + "pgh_context": null, + "id": 104, + "created": "2021-11-04T09:01:49.061Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.107Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.057Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 104, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 105, + "pgh_context": null, + "id": 105, + "created": "2021-11-04T09:01:49.230Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.892Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 105, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 106, + "pgh_context": null, + "id": 106, + "created": "2021-11-04T09:01:49.390Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.168Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.387Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 106, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 107, + "pgh_context": null, + "id": 107, + "created": "2021-11-04T09:01:49.553Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.825Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.551Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 107, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 108, + "pgh_context": null, + "id": 108, + "created": "2021-11-04T09:01:49.698Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.318Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.693Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 108, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 109, + "pgh_context": null, + "id": 109, + "created": "2021-11-04T09:01:49.847Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.072Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.844Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 109, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 110, + "pgh_context": null, + "id": 110, + "created": "2021-11-04T09:01:49.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.897Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:49.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 110, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 111, + "pgh_context": null, + "id": 111, + "created": "2021-11-04T09:01:50.133Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.338Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.130Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 111, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 112, + "pgh_context": null, + "id": 112, + "created": "2021-11-04T09:01:50.272Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.753Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 112, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 113, + "pgh_context": null, + "id": 113, + "created": "2021-11-04T09:01:50.425Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.249Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.422Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 113, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 114, + "pgh_context": null, + "id": 114, + "created": "2021-11-04T09:01:50.583Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.091Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.580Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 114, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 115, + "pgh_context": null, + "id": 115, + "created": "2021-11-04T09:01:50.757Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.561Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.754Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 115, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 116, + "pgh_context": null, + "id": 116, + "created": "2021-11-04T09:01:50.920Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.130Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.913Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 116, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 117, + "pgh_context": null, + "id": 117, + "created": "2021-11-04T09:01:51.100Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.926Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:51.097Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 117, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 118, + "pgh_context": null, + "id": 118, + "created": "2021-11-04T09:01:51.303Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.299Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 118, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 119, + "pgh_context": null, + "id": 119, + "created": "2021-11-04T09:01:51.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.848Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 119, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 120, + "pgh_context": null, + "id": 120, + "created": "2021-11-04T09:01:51.704Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 120, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 121, + "pgh_context": null, + "id": 121, + "created": "2021-11-04T09:01:51.884Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.397Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.881Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 121, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 122, + "pgh_context": null, + "id": 122, + "created": "2021-11-04T09:01:52.056Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.414Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 122, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 123, + "pgh_context": null, + "id": 123, + "created": "2021-11-04T09:01:52.205Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.613Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.202Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 123, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 124, + "pgh_context": null, + "id": 124, + "created": "2021-11-04T09:01:52.350Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.347Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 124, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 125, + "pgh_context": null, + "id": 125, + "created": "2021-11-04T09:01:52.512Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.763Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.508Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 125, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 126, + "pgh_context": null, + "id": 126, + "created": "2021-11-04T09:01:52.665Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.806Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:52.662Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 126, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 127, + "pgh_context": null, + "id": 127, + "created": "2021-11-04T09:01:52.806Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.803Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 127, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 128, + "pgh_context": null, + "id": 128, + "created": "2021-11-04T09:01:52.969Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.196Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.966Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 128, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 129, + "pgh_context": null, + "id": 129, + "created": "2021-11-04T09:01:53.115Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.638Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 129, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 130, + "pgh_context": null, + "id": 130, + "created": "2021-11-04T09:01:53.272Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.011Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 130, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 131, + "pgh_context": null, + "id": 131, + "created": "2021-11-04T09:01:53.428Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:53.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 131, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 132, + "pgh_context": null, + "id": 132, + "created": "2021-11-04T09:01:53.606Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.218Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.603Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 132, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 133, + "pgh_context": null, + "id": 133, + "created": "2021-11-04T09:01:53.772Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 133, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 134, + "pgh_context": null, + "id": 134, + "created": "2021-11-04T09:01:53.918Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.281Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.915Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 134, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 135, + "pgh_context": null, + "id": 135, + "created": "2021-11-04T09:01:54.071Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.473Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.068Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 135, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 136, + "pgh_context": null, + "id": 136, + "created": "2021-11-04T09:01:54.219Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.733Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.216Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 136, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 137, + "pgh_context": null, + "id": 137, + "created": "2021-11-04T09:01:54.406Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.403Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 137, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 138, + "pgh_context": null, + "id": 138, + "created": "2021-11-04T09:01:54.584Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.632Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.581Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 138, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 139, + "pgh_context": null, + "id": 139, + "created": "2021-11-04T09:01:54.769Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.760Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 139, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 140, + "pgh_context": null, + "id": 140, + "created": "2021-11-04T09:03:27.312Z", + "updated": null, + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:27.309Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 140, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 141, + "pgh_context": null, + "id": 141, + "created": "2021-11-04T09:03:27.478Z", + "updated": null, + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.743Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:27.476Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 141, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 142, + "pgh_context": null, + "id": 142, + "created": "2021-11-04T09:03:27.650Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.647Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 142, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 143, + "pgh_context": null, + "id": 143, + "created": "2021-11-04T09:03:27.832Z", + "updated": null, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.510Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.829Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 143, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 144, + "pgh_context": null, + "id": 144, + "created": "2021-11-04T09:03:27.993Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.315Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.990Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 144, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 145, + "pgh_context": null, + "id": 145, + "created": "2021-11-04T09:03:28.179Z", + "updated": null, + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:28.177Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 145, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 146, + "pgh_context": null, + "id": 146, + "created": "2021-11-04T09:03:28.355Z", + "updated": null, + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.437Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 146, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 147, + "pgh_context": null, + "id": 147, + "created": "2021-11-04T09:03:28.525Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.359Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.522Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 147, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 148, + "pgh_context": null, + "id": 148, + "created": "2021-11-04T09:03:28.692Z", + "updated": null, + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.175Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.689Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 148, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 149, + "pgh_context": null, + "id": 149, + "created": "2021-11-04T09:03:28.867Z", + "updated": null, + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.365Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:28.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 149, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 150, + "pgh_context": null, + "id": 150, + "created": "2021-11-04T09:03:29.039Z", + "updated": null, + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 150, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 151, + "pgh_context": null, + "id": 151, + "created": "2021-11-04T09:03:29.194Z", + "updated": null, + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"    \" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.756Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.190Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 151, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 152, + "pgh_context": null, + "id": 152, + "created": "2021-11-04T09:03:29.361Z", + "updated": null, + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.358Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 152, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 153, + "pgh_context": null, + "id": 153, + "created": "2021-11-04T09:03:29.549Z", + "updated": null, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.547Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 153, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 154, + "pgh_context": null, + "id": 154, + "created": "2021-11-04T09:03:29.701Z", + "updated": null, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.411Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 154, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 155, + "pgh_context": null, + "id": 155, + "created": "2021-11-04T09:03:29.850Z", + "updated": null, + "title": "Stored Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.244Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 155, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 156, + "pgh_context": null, + "id": 156, + "created": "2021-11-04T09:03:29.992Z", + "updated": null, + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.069Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 156, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 157, + "pgh_context": null, + "id": 157, + "created": "2021-11-04T09:03:30.139Z", + "updated": null, + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.270Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.136Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 157, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 158, + "pgh_context": null, + "id": 158, + "created": "2021-11-04T09:03:30.281Z", + "updated": null, + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.316Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.279Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 158, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 159, + "pgh_context": null, + "id": 159, + "created": "2021-11-04T09:03:30.451Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.624Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.448Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 159, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 160, + "pgh_context": null, + "id": 160, + "created": "2021-11-04T09:03:30.598Z", + "updated": null, + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.593Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.594Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 160, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 161, + "pgh_context": null, + "id": 161, + "created": "2021-11-04T09:03:30.754Z", + "updated": null, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
    \" + e);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.557Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 161, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 162, + "pgh_context": null, + "id": 162, + "created": "2021-11-04T09:03:30.913Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.910Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 162, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 163, + "pgh_context": null, + "id": 163, + "created": "2021-11-04T09:03:31.075Z", + "updated": null, + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.073Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 163, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 164, + "pgh_context": null, + "id": 164, + "created": "2021-11-04T09:03:31.228Z", + "updated": null, + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.993Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 164, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 165, + "pgh_context": null, + "id": 165, + "created": "2021-11-04T09:03:31.382Z", + "updated": null, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.379Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 165, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 166, + "pgh_context": null, + "id": 166, + "created": "2021-11-04T09:03:31.524Z", + "updated": null, + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.160Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.520Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 166, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 167, + "pgh_context": null, + "id": 167, + "created": "2021-11-04T09:03:31.675Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.672Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 167, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 168, + "pgh_context": null, + "id": 168, + "created": "2021-11-04T09:03:31.824Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.153Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.821Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 168, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 169, + "pgh_context": null, + "id": 169, + "created": "2021-11-04T09:03:31.976Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.181Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.973Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 169, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 170, + "pgh_context": null, + "id": 170, + "created": "2021-11-04T09:03:32.130Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.313Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 170, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 171, + "pgh_context": null, + "id": 171, + "created": "2021-11-04T09:03:32.275Z", + "updated": null, + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.291Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.272Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 171, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 172, + "pgh_context": null, + "id": 172, + "created": "2021-11-04T09:03:32.427Z", + "updated": null, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.006Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 172, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 173, + "pgh_context": null, + "id": 173, + "created": "2021-11-04T09:03:32.579Z", + "updated": null, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.022Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.576Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 173, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 174, + "pgh_context": null, + "id": 174, + "created": "2021-11-04T09:03:32.750Z", + "updated": null, + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.746Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 174, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 175, + "pgh_context": null, + "id": 175, + "created": "2021-11-04T09:03:32.910Z", + "updated": null, + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.711Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.906Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 175, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 176, + "pgh_context": null, + "id": 176, + "created": "2021-11-04T09:03:33.073Z", + "updated": null, + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.071Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 176, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 177, + "pgh_context": null, + "id": 177, + "created": "2021-11-04T09:03:33.230Z", + "updated": null, + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.644Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:33.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 177, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 178, + "pgh_context": null, + "id": 178, + "created": "2021-11-04T09:03:33.396Z", + "updated": null, + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.427Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.392Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 178, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 179, + "pgh_context": null, + "id": 179, + "created": "2021-11-04T09:03:33.589Z", + "updated": null, + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.535Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:33.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 179, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 180, + "pgh_context": null, + "id": 180, + "created": "2021-11-04T09:03:33.758Z", + "updated": null, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.948Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 180, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 181, + "pgh_context": null, + "id": 181, + "created": "2021-11-04T09:03:33.921Z", + "updated": null, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.917Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 181, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 182, + "pgh_context": null, + "id": 182, + "created": "2021-11-04T09:03:34.101Z", + "updated": null, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.974Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.096Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 182, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 183, + "pgh_context": null, + "id": 183, + "created": "2021-11-04T09:03:34.261Z", + "updated": null, + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.741Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:34.258Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 183, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 184, + "pgh_context": null, + "id": 184, + "created": "2021-11-04T09:03:34.457Z", + "updated": null, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.615Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.454Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 184, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 185, + "pgh_context": null, + "id": 185, + "created": "2021-11-04T09:03:34.632Z", + "updated": null, + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.597Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:34.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 185, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 186, + "pgh_context": null, + "id": 186, + "created": "2021-11-04T09:03:34.811Z", + "updated": null, + "title": "Heap Inspection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.807Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 186, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 187, + "pgh_context": null, + "id": 187, + "created": "2021-11-04T09:03:34.992Z", + "updated": null, + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.804Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 187, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 188, + "pgh_context": null, + "id": 188, + "created": "2021-11-04T09:03:35.146Z", + "updated": null, + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.143Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 188, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 189, + "pgh_context": null, + "id": 189, + "created": "2021-11-04T09:03:35.308Z", + "updated": null, + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.955Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 189, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 190, + "pgh_context": null, + "id": 190, + "created": "2021-11-04T09:03:35.488Z", + "updated": null, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.489Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:35.484Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 190, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 191, + "pgh_context": null, + "id": 191, + "created": "2021-11-04T09:03:35.655Z", + "updated": null, + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.099Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.652Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 191, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 192, + "pgh_context": null, + "id": 192, + "created": "2021-11-04T09:03:35.814Z", + "updated": null, + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.515Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 192, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 193, + "pgh_context": null, + "id": 193, + "created": "2021-11-04T09:03:35.984Z", + "updated": null, + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.361Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.980Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 193, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 194, + "pgh_context": null, + "id": 194, + "created": "2021-11-04T09:03:36.152Z", + "updated": null, + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.851Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:36.148Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 194, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 195, + "pgh_context": null, + "id": 195, + "created": "2021-11-04T09:03:36.364Z", + "updated": null, + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"    \" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.870Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.359Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 195, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 196, + "pgh_context": null, + "id": 196, + "created": "2021-11-04T09:03:36.557Z", + "updated": null, + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.552Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 196, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 197, + "pgh_context": null, + "id": 197, + "created": "2021-11-04T09:03:36.760Z", + "updated": null, + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.563Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.756Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 197, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 198, + "pgh_context": null, + "id": 198, + "created": "2021-11-04T09:03:36.944Z", + "updated": null, + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.009Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.938Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 198, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 199, + "pgh_context": null, + "id": 199, + "created": "2021-11-04T09:03:37.131Z", + "updated": null, + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.773Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 199, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 200, + "pgh_context": null, + "id": 200, + "created": "2021-11-04T09:03:37.335Z", + "updated": null, + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.866Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.333Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 200, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 201, + "pgh_context": null, + "id": 201, + "created": "2021-11-04T09:03:37.529Z", + "updated": null, + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.815Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 201, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 202, + "pgh_context": null, + "id": 202, + "created": "2021-11-04T09:03:37.704Z", + "updated": null, + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.995Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.701Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 202, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 203, + "pgh_context": null, + "id": 203, + "created": "2021-11-04T09:03:37.904Z", + "updated": null, + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.536Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 203, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 204, + "pgh_context": null, + "id": 204, + "created": "2021-11-04T09:03:38.097Z", + "updated": null, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.769Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.093Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 204, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 205, + "pgh_context": null, + "id": 205, + "created": "2021-11-04T09:03:38.273Z", + "updated": null, + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.260Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 205, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 206, + "pgh_context": null, + "id": 206, + "created": "2021-11-04T09:03:38.494Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.655Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 206, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 207, + "pgh_context": null, + "id": 207, + "created": "2021-11-04T09:03:38.726Z", + "updated": null, + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"    \" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.501Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.720Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 207, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 208, + "pgh_context": null, + "id": 208, + "created": "2021-11-04T09:03:38.922Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.363Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.918Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 208, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 209, + "pgh_context": null, + "id": 209, + "created": "2021-11-04T09:03:39.098Z", + "updated": null, + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.695Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.095Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 209, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 210, + "pgh_context": null, + "id": 210, + "created": "2021-11-04T09:03:39.259Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.234Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.256Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 210, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 211, + "pgh_context": null, + "id": 211, + "created": "2021-11-04T09:03:39.465Z", + "updated": null, + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.461Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 211, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 212, + "pgh_context": null, + "id": 212, + "created": "2021-11-04T09:03:39.630Z", + "updated": null, + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.350Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 212, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 213, + "pgh_context": null, + "id": 213, + "created": "2021-11-04T09:03:39.787Z", + "updated": null, + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.224Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.784Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 213, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 214, + "pgh_context": null, + "id": 214, + "created": "2021-11-04T09:03:39.936Z", + "updated": null, + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 214, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 215, + "pgh_context": null, + "id": 215, + "created": "2021-11-04T09:03:40.133Z", + "updated": null, + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.809Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.129Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 215, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 216, + "pgh_context": null, + "id": 216, + "created": "2021-11-04T09:03:40.291Z", + "updated": null, + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.288Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 216, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 217, + "pgh_context": null, + "id": 217, + "created": "2021-11-04T09:03:40.455Z", + "updated": null, + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

    \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.578Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:40.452Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 217, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 218, + "pgh_context": null, + "id": 218, + "created": "2021-11-04T09:03:40.624Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.134Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.621Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 218, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 219, + "pgh_context": null, + "id": 219, + "created": "2021-11-04T09:03:40.780Z", + "updated": null, + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.795Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 219, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 220, + "pgh_context": null, + "id": 220, + "created": "2021-11-04T09:03:40.990Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.732Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.984Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 220, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 221, + "pgh_context": null, + "id": 221, + "created": "2021-11-04T09:03:41.162Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.103Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.158Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 221, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 222, + "pgh_context": null, + "id": 222, + "created": "2021-11-04T09:03:41.406Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.839Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:41.402Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 222, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 223, + "pgh_context": null, + "id": 223, + "created": "2021-11-04T09:03:41.600Z", + "updated": null, + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.596Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 223, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 224, + "pgh_context": null, + "id": 224, + "created": "2021-11-04T09:03:41.772Z", + "updated": null, + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.345Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 224, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 225, + "pgh_context": null, + "id": 225, + "created": "2021-11-04T09:03:41.947Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.493Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 225, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 226, + "pgh_context": null, + "id": 226, + "created": "2021-11-04T09:03:42.129Z", + "updated": null, + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.780Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.126Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 226, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 227, + "pgh_context": null, + "id": 227, + "created": "2021-11-04T09:03:42.301Z", + "updated": null, + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.296Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 227, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 228, + "pgh_context": null, + "id": 228, + "created": "2021-11-04T09:03:42.482Z", + "updated": null, + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.455Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.479Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 228, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 229, + "pgh_context": null, + "id": 229, + "created": "2021-11-04T09:03:42.670Z", + "updated": null, + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.204Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 229, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 230, + "pgh_context": null, + "id": 230, + "created": "2021-11-04T09:03:42.875Z", + "updated": null, + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.469Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.855Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 230, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 231, + "pgh_context": null, + "id": 231, + "created": "2021-11-04T09:03:43.252Z", + "updated": null, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.249Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 231, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 232, + "pgh_context": null, + "id": 232, + "created": "2021-11-04T09:03:43.521Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.445Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:43.516Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 232, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 233, + "pgh_context": null, + "id": 233, + "created": "2021-11-04T09:03:43.816Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 233, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 234, + "pgh_context": null, + "id": 234, + "created": "2021-11-04T09:03:44.090Z", + "updated": null, + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:44.082Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 234, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 235, + "pgh_context": null, + "id": 235, + "created": "2021-11-04T09:03:44.309Z", + "updated": null, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.573Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 235, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 236, + "pgh_context": null, + "id": 236, + "created": "2021-11-04T09:03:44.506Z", + "updated": null, + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.123Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.500Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 236, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 237, + "pgh_context": null, + "id": 237, + "created": "2021-11-04T09:03:44.703Z", + "updated": null, + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.876Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 237, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 238, + "pgh_context": null, + "id": 238, + "created": "2021-11-04T09:03:44.936Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.185Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.930Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 238, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 239, + "pgh_context": null, + "id": 239, + "created": "2021-11-04T09:03:45.150Z", + "updated": null, + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 239, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 240, + "pgh_context": null, + "id": 240, + "created": "2021-11-04T09:03:45.387Z", + "updated": null, + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.302Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.382Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 240, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 241, + "pgh_context": null, + "id": 241, + "created": "2021-11-04T09:03:45.588Z", + "updated": null, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.087Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 241, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 242, + "pgh_context": null, + "id": 242, + "created": "2021-11-04T09:03:45.816Z", + "updated": null, + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.911Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 242, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 243, + "pgh_context": null, + "id": 243, + "created": "2021-11-04T09:03:46.040Z", + "updated": null, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.322Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.034Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 243, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 244, + "pgh_context": null, + "id": 244, + "created": "2021-11-04T09:03:46.325Z", + "updated": null, + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.738Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.316Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 244, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 245, + "pgh_context": null, + "id": 245, + "created": "2021-11-04T09:03:46.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.201Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.567Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 245, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 246, + "pgh_context": null, + "id": 246, + "created": "2021-11-04T09:03:46.801Z", + "updated": null, + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.074Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 246, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 247, + "pgh_context": null, + "id": 247, + "created": "2021-11-04T09:03:47.007Z", + "updated": null, + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.546Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 247, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 248, + "pgh_context": null, + "id": 248, + "created": "2021-11-04T09:03:47.229Z", + "updated": null, + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.115Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 248, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 249, + "pgh_context": null, + "id": 249, + "created": "2021-11-04T09:03:47.445Z", + "updated": null, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.942Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.440Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 249, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 250, + "pgh_context": null, + "id": 250, + "created": "2021-11-04T09:03:47.662Z", + "updated": null, + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.938Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.659Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 250, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 251, + "pgh_context": null, + "id": 251, + "created": "2021-11-04T09:03:47.867Z", + "updated": null, + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.862Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 251, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 252, + "pgh_context": null, + "id": 252, + "created": "2021-11-04T09:03:48.018Z", + "updated": null, + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.722Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.015Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 252, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 253, + "pgh_context": null, + "id": 253, + "created": "2021-11-04T09:03:48.175Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.171Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 253, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 254, + "pgh_context": null, + "id": 254, + "created": "2021-11-04T09:03:48.382Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.429Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.378Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 254, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 255, + "pgh_context": null, + "id": 255, + "created": "2021-11-04T09:03:48.563Z", + "updated": null, + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.560Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 255, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 256, + "pgh_context": null, + "id": 256, + "created": "2021-11-04T09:03:48.761Z", + "updated": null, + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 256, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 257, + "pgh_context": null, + "id": 257, + "created": "2021-11-04T09:03:48.957Z", + "updated": null, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.748Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:48.954Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 257, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 258, + "pgh_context": null, + "id": 258, + "created": "2021-11-04T09:03:49.162Z", + "updated": null, + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.788Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:49.157Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 258, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 259, + "pgh_context": null, + "id": 259, + "created": "2021-11-04T09:03:49.539Z", + "updated": null, + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:49.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 259, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 260, + "pgh_context": null, + "id": 260, + "created": "2021-11-04T09:03:49.721Z", + "updated": null, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.211Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.716Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 260, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 261, + "pgh_context": null, + "id": 261, + "created": "2021-11-04T09:03:49.927Z", + "updated": null, + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.654Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.923Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 261, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 262, + "pgh_context": null, + "id": 262, + "created": "2021-11-04T09:03:50.136Z", + "updated": null, + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.026Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.131Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 262, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 263, + "pgh_context": null, + "id": 263, + "created": "2021-11-04T09:03:50.351Z", + "updated": null, + "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.887Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:50.345Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 263, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 264, + "pgh_context": null, + "id": 264, + "created": "2021-11-04T09:03:50.575Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.282Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.571Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 264, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 265, + "pgh_context": null, + "id": 265, + "created": "2021-11-04T09:03:50.779Z", + "updated": null, + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.240Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 265, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 266, + "pgh_context": null, + "id": 266, + "created": "2021-11-04T09:03:50.992Z", + "updated": null, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.988Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 266, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 267, + "pgh_context": null, + "id": 267, + "created": "2021-11-04T09:03:51.212Z", + "updated": null, + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.458Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 267, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 268, + "pgh_context": null, + "id": 268, + "created": "2021-11-04T09:03:51.383Z", + "updated": null, + "title": "Information Exposure Through an Error Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.749Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.380Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 268, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 269, + "pgh_context": null, + "id": 269, + "created": "2021-11-04T09:03:51.544Z", + "updated": null, + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.824Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.541Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 269, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 270, + "pgh_context": null, + "id": 270, + "created": "2021-11-04T09:03:51.721Z", + "updated": null, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.648Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.719Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 270, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 271, + "pgh_context": null, + "id": 271, + "created": "2021-11-04T09:03:51.877Z", + "updated": null, + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.872Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 271, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 272, + "pgh_context": null, + "id": 272, + "created": "2021-11-04T09:03:52.049Z", + "updated": null, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.664Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.046Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 272, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 273, + "pgh_context": null, + "id": 273, + "created": "2021-11-04T09:03:52.209Z", + "updated": null, + "title": "Improper Resource Access Authorization (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.800Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.205Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099", + "line": 12, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 273, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 274, + "pgh_context": null, + "id": 274, + "created": "2021-11-04T09:03:52.388Z", + "updated": null, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.609Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 274, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 275, + "pgh_context": null, + "id": 275, + "created": "2021-11-04T09:03:52.571Z", + "updated": null, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.568Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b", + "line": 29, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 275, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 276, + "pgh_context": null, + "id": 276, + "created": "2021-11-04T09:03:52.771Z", + "updated": null, + "title": "Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

    \");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:52.766Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 276, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 277, + "pgh_context": null, + "id": 277, + "created": "2021-11-04T09:03:52.938Z", + "updated": null, + "title": "Use of Insufficiently Random Values (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.778Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 277, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 278, + "pgh_context": null, + "id": 278, + "created": "2021-11-04T09:03:53.124Z", + "updated": null, + "title": "SQL Injection (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "fix_available": null, + "fix_version": null, + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.612Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:53.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 278, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 279, + "pgh_context": null, + "id": 279, + "created": "2021-11-04T09:36:25.003Z", + "updated": null, + "title": "Test", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "No url given", + "severity": "Info", + "description": "asdf", + "mitigation": "adf", + "fix_available": null, + "fix_version": null, + "impact": "asdf", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "No references given", + "test": 19, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 279, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 280, + "pgh_context": null, + "id": 280, + "created": "2021-11-05T06:44:35.863Z", + "updated": null, + "title": "Notepad++.exe | CVE-2007-2666", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.440Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:35.859Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 280, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 281, + "pgh_context": null, + "id": 281, + "created": "2021-11-05T06:44:36.140Z", + "updated": null, + "title": "Notepad++.exe | CVE-2008-3436", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.456Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:36.137Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 281, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 282, + "pgh_context": null, + "id": 282, + "created": "2021-11-05T06:46:06.484Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.352Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:06.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 282, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 283, + "pgh_context": null, + "id": 283, + "created": "2021-11-05T06:46:06.676Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.001Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:06.674Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 283, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 284, + "pgh_context": null, + "id": 284, + "created": "2021-11-05T06:46:06.857Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.127Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:06.854Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 284, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 285, + "pgh_context": null, + "id": 285, + "created": "2021-11-05T06:46:07.054Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.513Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 285, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 286, + "pgh_context": null, + "id": 286, + "created": "2021-11-05T06:46:07.234Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.481Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.231Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 286, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 287, + "pgh_context": null, + "id": 287, + "created": "2021-11-05T06:46:07.429Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.467Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.426Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 287, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 288, + "pgh_context": null, + "id": 288, + "created": "2021-11-05T06:46:07.619Z", + "updated": null, + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.986Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:07.616Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 288, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 289, + "pgh_context": null, + "id": 289, + "created": "2021-11-05T06:46:07.818Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.815Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 289, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 290, + "pgh_context": null, + "id": 290, + "created": "2021-11-05T06:46:08.024Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.438Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.021Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 290, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 291, + "pgh_context": null, + "id": 291, + "created": "2021-11-05T06:46:08.214Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.212Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 291, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 292, + "pgh_context": null, + "id": 292, + "created": "2021-11-05T06:46:08.407Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.157Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 292, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 293, + "pgh_context": null, + "id": 293, + "created": "2021-11-05T06:46:08.576Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.408Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.574Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 293, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 294, + "pgh_context": null, + "id": 294, + "created": "2021-11-05T06:46:08.774Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.395Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.770Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 294, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 295, + "pgh_context": null, + "id": 295, + "created": "2021-11-05T06:46:08.994Z", + "updated": null, + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.142Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.991Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 295, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 296, + "pgh_context": null, + "id": 296, + "created": "2021-11-05T06:46:09.157Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.528Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.155Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 296, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 297, + "pgh_context": null, + "id": 297, + "created": "2021-11-05T06:46:09.337Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.496Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.334Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 297, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 298, + "pgh_context": null, + "id": 298, + "created": "2021-11-05T06:46:09.514Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.381Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.511Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 298, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 299, + "pgh_context": null, + "id": 299, + "created": "2021-11-05T06:46:09.700Z", + "updated": null, + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n", + "mitigation": "", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.366Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.697Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 299, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 300, + "pgh_context": null, + "id": 300, + "created": "2021-11-05T06:47:17.890Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.095Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 300, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 301, + "pgh_context": null, + "id": 301, + "created": "2021-11-05T06:47:18.169Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.606Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 301, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 302, + "pgh_context": null, + "id": 302, + "created": "2021-11-05T06:47:18.645Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 302, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 303, + "pgh_context": null, + "id": 303, + "created": "2021-11-05T06:47:18.860Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.173Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 303, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 304, + "pgh_context": null, + "id": 304, + "created": "2021-11-05T06:47:19.072Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.078Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 304, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 305, + "pgh_context": null, + "id": 305, + "created": "2021-11-05T06:47:19.278Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.590Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 305, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 306, + "pgh_context": null, + "id": 306, + "created": "2021-11-05T06:47:19.559Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.543Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 306, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 307, + "pgh_context": null, + "id": 307, + "created": "2021-11-05T06:47:19.783Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 307, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 308, + "pgh_context": null, + "id": 308, + "created": "2021-11-05T06:47:20.049Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.639Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 308, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 309, + "pgh_context": null, + "id": 309, + "created": "2021-11-05T06:47:20.461Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.346Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 309, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 310, + "pgh_context": null, + "id": 310, + "created": "2021-11-05T07:07:18.067Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.187Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.064Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 310, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 311, + "pgh_context": null, + "id": 311, + "created": "2021-11-05T07:07:18.320Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.219Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.317Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 311, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 312, + "pgh_context": null, + "id": 312, + "created": "2021-11-05T07:07:18.592Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.981Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.590Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 312, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 313, + "pgh_context": null, + "id": 313, + "created": "2021-11-05T07:07:18.815Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.951Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.813Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 313, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 314, + "pgh_context": null, + "id": 314, + "created": "2021-11-05T07:07:19.003Z", + "updated": null, + "title": "SQL String Formatting-G201", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.094Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/sqli/function.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 314, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 315, + "pgh_context": null, + "id": 315, + "created": "2021-11-05T07:07:19.202Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.017Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.199Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 315, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 316, + "pgh_context": null, + "id": 316, + "created": "2021-11-05T07:07:19.412Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.997Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.409Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 316, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 317, + "pgh_context": null, + "id": 317, + "created": "2021-11-05T07:07:19.621Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.935Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.618Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 317, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 318, + "pgh_context": null, + "id": 318, + "created": "2021-11-05T07:07:19.850Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.140Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 318, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 319, + "pgh_context": null, + "id": 319, + "created": "2021-11-05T07:07:20.057Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.124Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:20.054Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 319, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 320, + "pgh_context": null, + "id": 320, + "created": "2021-11-05T07:07:20.248Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.966Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.246Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 320, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 321, + "pgh_context": null, + "id": 321, + "created": "2021-11-05T07:07:20.441Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.438Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 321, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 322, + "pgh_context": null, + "id": 322, + "created": "2021-11-05T07:07:20.634Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.631Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 322, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 323, + "pgh_context": null, + "id": 323, + "created": "2021-11-05T07:07:20.811Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.808Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95", + "line": null, + "file_path": "/vagrant/go/src/govwa/app.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 323, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 324, + "pgh_context": null, + "id": 324, + "created": "2021-11-05T07:07:21.004Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.236Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 324, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 325, + "pgh_context": null, + "id": 325, + "created": "2021-11-05T07:07:21.191Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.203Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.189Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 325, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 326, + "pgh_context": null, + "id": 326, + "created": "2021-11-05T07:07:21.369Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.366Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 326, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 327, + "pgh_context": null, + "id": 327, + "created": "2021-11-05T07:07:21.561Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.559Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 327, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 328, + "pgh_context": null, + "id": 328, + "created": "2021-11-05T07:07:21.744Z", + "updated": null, + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.109Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.741Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 328, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 329, + "pgh_context": null, + "id": 329, + "created": "2021-11-05T07:07:21.930Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.032Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 329, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 330, + "pgh_context": null, + "id": 330, + "created": "2021-11-05T07:07:22.124Z", + "updated": null, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 330, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 331, + "pgh_context": null, + "id": 331, + "created": "2021-11-05T07:07:22.308Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.014Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.306Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/cookie.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 331, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 332, + "pgh_context": null, + "id": 332, + "created": "2021-11-05T07:07:22.551Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.548Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 332, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 333, + "pgh_context": null, + "id": 333, + "created": "2021-11-05T07:07:22.773Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.156Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.771Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 333, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 334, + "pgh_context": null, + "id": 334, + "created": "2021-11-05T07:07:22.989Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.081Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.986Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 334, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 335, + "pgh_context": null, + "id": 335, + "created": "2021-11-05T07:07:23.204Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.065Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.200Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 335, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 336, + "pgh_context": null, + "id": 336, + "created": "2021-11-05T07:07:23.489Z", + "updated": null, + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.030Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.486Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 336, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 337, + "pgh_context": null, + "id": 337, + "created": "2021-11-05T07:07:23.721Z", + "updated": null, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", + "mitigation": "coming soon", + "fix_available": null, + "fix_version": null, + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.172Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:23.717Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 337, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 338, + "pgh_context": null, + "id": 338, + "created": "2021-11-05T10:43:05.946Z", + "updated": null, + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "fix_available": null, + "fix_version": null, + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.111Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:05.943Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 338, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 339, + "pgh_context": null, + "id": 339, + "created": "2021-11-05T10:43:06.237Z", + "updated": null, + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "fix_available": null, + "fix_version": null, + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:06.233Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 339, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 340, + "pgh_context": null, + "id": 340, + "created": "2021-11-05T10:43:06.742Z", + "updated": null, + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "fix_available": null, + "fix_version": null, + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:06.738Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 340, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 341, + "pgh_context": null, + "id": 341, + "created": "2021-11-05T10:43:07.038Z", + "updated": null, + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "fix_available": null, + "fix_version": null, + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.189Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:07.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 341, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 342, + "pgh_context": null, + "id": 342, + "created": "2021-11-05T10:43:07.297Z", + "updated": null, + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.063Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T10:43:07.294Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 342, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 343, + "pgh_context": null, + "id": 343, + "created": "2021-11-05T10:43:07.547Z", + "updated": null, + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "fix_available": null, + "fix_version": null, + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.575Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.545Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 343, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 344, + "pgh_context": null, + "id": 344, + "created": "2021-11-05T10:43:07.888Z", + "updated": null, + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "fix_available": null, + "fix_version": null, + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.559Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.885Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 344, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 345, + "pgh_context": null, + "id": 345, + "created": "2021-11-05T10:43:08.144Z", + "updated": null, + "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.406Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.140Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 345, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 346, + "pgh_context": null, + "id": 346, + "created": "2021-11-05T10:43:08.440Z", + "updated": null, + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "fix_available": null, + "fix_version": null, + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:08.437Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.findingevent", + "pk": 346, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 347, + "pgh_context": null, + "id": 347, + "created": "2021-11-05T10:43:08.906Z", + "updated": null, + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "fix_available": null, + "fix_version": null, + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.360Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null + } +}, +{ + "model": "dojo.product_typeevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": null, + "updated": null, + "name": "Research and Development", + "description": null, + "critical_product": false, + "key_product": false + } +}, +{ + "model": "dojo.product_typeevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": "2021-11-04T09:27:38.846Z", + "name": "Commerce", + "description": null, + "critical_product": true, + "key_product": false + } +}, +{ + "model": "dojo.product_typeevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": "2021-11-04T09:27:51.762Z", + "name": "Billing", + "description": null, + "critical_product": false, + "key_product": true + } +}, +{ + "model": "dojo.productevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": null, + "updated": "2025-01-17T16:52:28.298Z", + "name": "BodgeIt", + "description": "[Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "product_manager" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 5, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "internal", + "user_records": 1000000000, + "revenue": "1000.00", + "external_audience": true, + "internet_accessible": true, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false + } +}, +{ + "model": "dojo.productevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": null, + "updated": "2025-01-17T16:52:28.346Z", + "name": "Internal CRM App", + "description": "* New product in development that attempts to follow all best practices", + "product_manager": [ + "product_manager" + ], + "technical_contact": [ + "product_manager" + ], + "team_manager": [ + "user2" + ], + "prod_type": 2, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 51, + "business_criticality": "medium", + "platform": "web", + "lifecycle": "construction", + "origin": "internal", + "user_records": null, + "revenue": null, + "external_audience": false, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false + } +}, +{ + "model": "dojo.productevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": null, + "updated": "2025-02-06T22:39:22.655Z", + "name": "Apple Accounting Software", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "user2" + ], + "prod_type": 3, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 100, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "purchased", + "user_records": 5000, + "revenue": null, + "external_audience": true, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false + } +}, +{ + "model": "dojo.testevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "engagement": 2, + "lead": [ + "product_manager" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-03-21T01:00:00Z", + "target_end": "2021-03-22T01:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:01:30.563Z", + "created": "2021-11-04T09:01:30.563Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:03:25.139Z", + "created": "2021-11-04T09:03:25.139Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "engagement": 6, + "lead": [ + "admin" + ], + "test_type": 21, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2022-01-19T00:00:00Z", + "target_end": "2022-01-24T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:26:34.003Z", + "created": "2021-11-04T09:25:46.327Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "engagement": 7, + "lead": null, + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T09:36:15.180Z", + "target_end": "2021-11-04T09:36:15.180Z", + "percent_complete": null, + "environment": null, + "updated": "2021-11-04T09:36:15.180Z", + "created": "2021-11-04T09:36:15.180Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 20, + "pgh_context": null, + "id": 20, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:09.101Z", + "created": "2021-11-04T09:43:09.101Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 21, + "pgh_context": null, + "id": 21, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 19, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 2, + "updated": "2021-11-04T09:43:23.410Z", + "created": "2021-11-04T09:43:23.410Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 22, + "pgh_context": null, + "id": 22, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:41.711Z", + "created": "2021-11-04T09:43:41.711Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 23, + "pgh_context": null, + "id": 23, + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 11, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:44:01.815Z", + "created": "2021-11-04T09:44:01.815Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 25, + "pgh_context": null, + "id": 25, + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:44:35.814Z", + "created": "2021-11-05T06:44:35.814Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 26, + "pgh_context": null, + "id": 26, + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 28, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:46:06.450Z", + "created": "2021-11-05T06:46:06.450Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 28, + "pgh_context": null, + "id": 28, + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:47:17.517Z", + "created": "2021-11-05T06:47:17.518Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 29, + "pgh_context": null, + "id": 29, + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 29, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 3, + "updated": "2021-11-05T06:54:23.989Z", + "created": "2021-11-05T06:54:23.989Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 30, + "pgh_context": null, + "id": 30, + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "percent_complete": null, + "environment": 5, + "updated": "2021-11-05T06:54:35.499Z", + "created": "2021-11-05T06:54:35.499Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 31, + "pgh_context": null, + "id": 31, + "engagement": 12, + "lead": [ + "admin" + ], + "test_type": 30, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T07:07:18.034Z", + "created": "2021-11-05T07:07:18.034Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.testevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 32, + "pgh_context": null, + "id": 32, + "engagement": 13, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T10:43:05.485Z", + "created": "2021-11-05T10:43:05.485Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null + } +}, +{ + "model": "dojo.risk_acceptanceevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "name": "Simple Builtin Risk Acceptance", + "recommendation": "F", + "recommendation_details": null, + "decision": "A", + "decision_details": "These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. Unaccept and use full risk acceptance if you need to have more control over those fields.", + "accepted_by": null, + "path": "", + "owner": [ + "admin" + ], + "expiration_date": null, + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2024-01-29T15:35:18.089Z", + "updated": "2024-01-29T15:35:18.089Z" + } +}, +{ + "model": "dojo.finding_templateevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "title": "XSS template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "XSS test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null + } +}, +{ + "model": "dojo.finding_templateevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "title": "SQLi template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "High", + "description": "SQLi test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null + } +}, +{ + "model": "dojo.finding_templateevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:24.905Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "title": "CSRF template", + "cwe": null, + "cve": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "severity": "MEDIUM", + "description": "CSRF test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "fix_available": null, + "fix_version": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "steps_to_reproduce": null, + "severity_justification": null, + "component_name": null, + "component_version": null, + "notes": null, + "vulnerability_ids_text": null, + "endpoints_text": null + } +}, +{ + "model": "dojo.locationevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.735Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "created": "2026-01-26T15:45:41.735Z", + "updated": "2026-01-26T15:45:41.735Z", + "location_type": "url", + "location_value": "ssh://127.0.0.1" + } +}, +{ + "model": "dojo.locationevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.756Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "created": "2026-01-26T15:45:41.756Z", + "updated": "2026-01-26T15:45:41.756Z", + "location_type": "url", + "location_value": "127.0.0.1" + } +}, +{ + "model": "dojo.locationevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.767Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "created": "2026-01-26T15:45:41.767Z", + "updated": "2026-01-26T15:45:41.767Z", + "location_type": "url", + "location_value": "ftp://localhost/" + } +}, +{ + "model": "dojo.locationevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.777Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "created": "2026-01-26T15:45:41.777Z", + "updated": "2026-01-26T15:45:41.777Z", + "location_type": "url", + "location_value": "http://localhost:8888/" + } +}, +{ + "model": "dojo.locationevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.787Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "created": "2026-01-26T15:45:41.787Z", + "updated": "2026-01-26T15:45:41.787Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/" + } +}, +{ + "model": "dojo.locationevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.797Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "created": "2026-01-26T15:45:41.797Z", + "updated": "2026-01-26T15:45:41.797Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/about.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.807Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "created": "2026-01-26T15:45:41.807Z", + "updated": "2026-01-26T15:45:41.807Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/admin.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.818Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "created": "2026-01-26T15:45:41.818Z", + "updated": "2026-01-26T15:45:41.818Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/advanced.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.828Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "created": "2026-01-26T15:45:41.828Z", + "updated": "2026-01-26T15:45:41.828Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/basket.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.838Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "created": "2026-01-26T15:45:41.838Z", + "updated": "2026-01-26T15:45:41.838Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/contact.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.849Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "created": "2026-01-26T15:45:41.850Z", + "updated": "2026-01-26T15:45:41.850Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/home.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.859Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "created": "2026-01-26T15:45:41.859Z", + "updated": "2026-01-26T15:45:41.859Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/login.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.870Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "created": "2026-01-26T15:45:41.870Z", + "updated": "2026-01-26T15:45:41.870Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/logout.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.880Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "created": "2026-01-26T15:45:41.880Z", + "updated": "2026-01-26T15:45:41.880Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/password.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.891Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "created": "2026-01-26T15:45:41.891Z", + "updated": "2026-01-26T15:45:41.891Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/product.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.901Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "created": "2026-01-26T15:45:41.902Z", + "updated": "2026-01-26T15:45:41.902Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/register.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.912Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "created": "2026-01-26T15:45:41.912Z", + "updated": "2026-01-26T15:45:41.912Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/score.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.922Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "created": "2026-01-26T15:45:41.922Z", + "updated": "2026-01-26T15:45:41.922Z", + "location_type": "url", + "location_value": "http://localhost:8888/bodgeit/search.jsp" + } +}, +{ + "model": "dojo.locationevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.932Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "created": "2026-01-26T15:45:41.932Z", + "updated": "2026-01-26T15:45:41.932Z", + "location_type": "url", + "location_value": "http://127.0.0.1/endpoint/420/edit/" + } +}, +{ + "model": "dojo.urlevent", + "pk": 1, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.735Z", + "pgh_label": "insert", + "pgh_obj": 1, + "pgh_context": null, + "id": 1, + "location": 1, + "protocol": "ssh", + "user_info": "", + "host": "127.0.0.1", + "port": 22, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 2, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.756Z", + "pgh_label": "insert", + "pgh_obj": 2, + "pgh_context": null, + "id": 2, + "location": 2, + "protocol": "", + "user_info": "", + "host": "127.0.0.1", + "port": null, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 3, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.767Z", + "pgh_label": "insert", + "pgh_obj": 3, + "pgh_context": null, + "id": 3, + "location": 3, + "protocol": "ftp", + "user_info": "", + "host": "localhost", + "port": 21, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 4, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.777Z", + "pgh_label": "insert", + "pgh_obj": 4, + "pgh_context": null, + "id": 4, + "location": 4, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 5, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.787Z", + "pgh_label": "insert", + "pgh_obj": 5, + "pgh_context": null, + "id": 5, + "location": 5, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 6, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.797Z", + "pgh_label": "insert", + "pgh_obj": 6, + "pgh_context": null, + "id": 6, + "location": 6, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/about.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 7, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.807Z", + "pgh_label": "insert", + "pgh_obj": 7, + "pgh_context": null, + "id": 7, + "location": 7, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/admin.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 8, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.818Z", + "pgh_label": "insert", + "pgh_obj": 8, + "pgh_context": null, + "id": 8, + "location": 8, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/advanced.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 9, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.828Z", + "pgh_label": "insert", + "pgh_obj": 9, + "pgh_context": null, + "id": 9, + "location": 9, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/basket.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 10, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.838Z", + "pgh_label": "insert", + "pgh_obj": 10, + "pgh_context": null, + "id": 10, + "location": 10, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/contact.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 11, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.849Z", + "pgh_label": "insert", + "pgh_obj": 11, + "pgh_context": null, + "id": 11, + "location": 11, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/home.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 12, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.859Z", + "pgh_label": "insert", + "pgh_obj": 12, + "pgh_context": null, + "id": 12, + "location": 12, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/login.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 13, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.870Z", + "pgh_label": "insert", + "pgh_obj": 13, + "pgh_context": null, + "id": 13, + "location": 13, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/logout.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 14, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.880Z", + "pgh_label": "insert", + "pgh_obj": 14, + "pgh_context": null, + "id": 14, + "location": 14, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/password.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 15, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.891Z", + "pgh_label": "insert", + "pgh_obj": 15, + "pgh_context": null, + "id": 15, + "location": 15, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/product.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 16, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.901Z", + "pgh_label": "insert", + "pgh_obj": 16, + "pgh_context": null, + "id": 16, + "location": 16, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/register.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 17, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.912Z", + "pgh_label": "insert", + "pgh_obj": 17, + "pgh_context": null, + "id": 17, + "location": 17, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/score.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 18, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.922Z", + "pgh_label": "insert", + "pgh_obj": 18, + "pgh_context": null, + "id": 18, + "location": 18, + "protocol": "http", + "user_info": "", + "host": "localhost", + "port": 8888, + "path": "bodgeit/search.jsp", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "dojo.urlevent", + "pk": 19, + "fields": { + "pgh_created_at": "2026-01-26T15:45:41.932Z", + "pgh_label": "insert", + "pgh_obj": 19, + "pgh_context": null, + "id": 19, + "location": 19, + "protocol": "http", + "user_info": "", + "host": "127.0.0.1", + "port": 80, + "path": "endpoint/420/edit/", + "query": "", + "fragment": "", + "host_validation_failure": false + } +}, +{ + "model": "watson.searchentry", + "pk": 1, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Python How-to", + "description": "", + "content": "Python How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 2, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Security How-to", + "description": "", + "content": "Security How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 3, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Security Podcast", + "description": "", + "content": "Security Podcast test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 4, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 5, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Web Scan (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 6, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "14", + "object_id_int": 14, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 7, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 8, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 9, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 10, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 11, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 12, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "14", + "object_id_int": 14, + "title": "API Test (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 13, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S4 None None None None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 14, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 15, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 16, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 17, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 18, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "7", + "object_id_int": 7, + "title": "DUMMY FINDING", + "description": "", + "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH None None S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 19, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "1", + "object_id_int": 1, + "title": "XSS template", + "description": "", + "content": "XSS template HIGH XSS test template None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 20, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 None None None None None None None None None None 2 None None Internal CRM App ", + "url": "/finding/2", + "meta_encoded": "{\"status\": \"Inactive, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 21, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 3 None None Internal CRM App ", + "url": "/finding/3", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 22, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888//bodgeit/", + "description": "", + "content": "http None localhost /bodgeit/ None None", + "url": "/endpoint/8", + "meta_encoded": "{\"product__name\": \"BodgeIt\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 23, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Python How-to", + "description": "", + "content": "Python How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 24, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Security How-to", + "description": "", + "content": "Security How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 25, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Security Podcast", + "description": "", + "content": "Security Podcast test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 26, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 27, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Web Scan (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 28, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "14", + "object_id_int": 14, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 29, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 30, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 31, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 32, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 33, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 34, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "7", + "object_id_int": 7, + "title": "DUMMY FINDING", + "description": "", + "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 35, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Engagement: April Monthly Engagement (Jun 30, 2021)", + "description": "", + "content": "April Monthly Engagement Requested by the team for regular manual checkup by the security team. None None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 36, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "1", + "object_id_int": 1, + "title": "BodgeIt", + "description": "", + "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up Tester Jester Bob Buster Peter Scramble high web production internal", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 37, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "4", + "object_id_int": 4, + "title": "Engagement: Static Scan (Nov 03, 2021)", + "description": "", + "content": "Static Scan Initial static scan for Bodgeit. v.1.2.0 None None Completed other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 38, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "15", + "object_id_int": 15, + "title": "Checkmarx Scan (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 39, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "8", + "object_id_int": 8, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 40, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "9", + "object_id_int": 9, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 41, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 42, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 43, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 44, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 45, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "14", + "object_id_int": 14, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 46, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "15", + "object_id_int": 15, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 47, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Hardcoded password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 48, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "17", + "object_id_int": 17, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 49, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "18", + "object_id_int": 18, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 50, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 51, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "20", + "object_id_int": 20, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 52, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Not Using a Random IV with CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 53, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Collapse of Data into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 54, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "23", + "object_id_int": 23, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 55, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "24", + "object_id_int": 24, + "title": "Hardcoded password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 56, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 57, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "26", + "object_id_int": 26, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 58, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "27", + "object_id_int": 27, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 59, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 60, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 61, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 62, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Empty Password In Connection String (product.jsp)", + "description": "", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 63, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 64, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "33", + "object_id_int": 33, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 65, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "34", + "object_id_int": 34, + "title": "Hardcoded password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 66, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "35", + "object_id_int": 35, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 67, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "36", + "object_id_int": 36, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 68, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "37", + "object_id_int": 37, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 69, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "38", + "object_id_int": 38, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 70, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "39", + "object_id_int": 39, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 71, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "40", + "object_id_int": 40, + "title": "Hardcoded password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 72, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "41", + "object_id_int": 41, + "title": "Hardcoded password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 73, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "42", + "object_id_int": 42, + "title": "Empty Password In Connection String (register.jsp)", + "description": "", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 74, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "43", + "object_id_int": 43, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 75, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "44", + "object_id_int": 44, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 76, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "45", + "object_id_int": 45, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 77, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "46", + "object_id_int": 46, + "title": "Empty Password In Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 78, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "47", + "object_id_int": 47, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 79, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "48", + "object_id_int": 48, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 80, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "49", + "object_id_int": 49, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 81, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "50", + "object_id_int": 50, + "title": "Hardcoded password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 82, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "51", + "object_id_int": 51, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 83, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "52", + "object_id_int": 52, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 84, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "53", + "object_id_int": 53, + "title": "Empty Password In Connection String (init.jsp)", + "description": "", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 85, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "54", + "object_id_int": 54, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 86, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "55", + "object_id_int": 55, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 87, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "56", + "object_id_int": 56, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 88, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "57", + "object_id_int": 57, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 89, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "58", + "object_id_int": 58, + "title": "Empty Password In Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 90, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "59", + "object_id_int": 59, + "title": "Hardcoded password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 91, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "60", + "object_id_int": 60, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 92, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "61", + "object_id_int": 61, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 93, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "62", + "object_id_int": 62, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 94, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "63", + "object_id_int": 63, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 95, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "64", + "object_id_int": 64, + "title": "Empty Password In Connection String (home.jsp)", + "description": "", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 96, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "65", + "object_id_int": 65, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 97, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "66", + "object_id_int": 66, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 98, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "67", + "object_id_int": 67, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 99, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "68", + "object_id_int": 68, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 100, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "69", + "object_id_int": 69, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 101, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "70", + "object_id_int": 70, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 102, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "71", + "object_id_int": 71, + "title": "Empty Password In Connection String (header.jsp)", + "description": "", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 103, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "72", + "object_id_int": 72, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 104, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "73", + "object_id_int": 73, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 105, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "74", + "object_id_int": 74, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 106, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "75", + "object_id_int": 75, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 107, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "76", + "object_id_int": 76, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 108, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "77", + "object_id_int": 77, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 109, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "78", + "object_id_int": 78, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 110, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "79", + "object_id_int": 79, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 111, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "80", + "object_id_int": 80, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 112, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "81", + "object_id_int": 81, + "title": "Hardcoded password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 113, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "82", + "object_id_int": 82, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 114, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "83", + "object_id_int": 83, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 115, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "84", + "object_id_int": 84, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 116, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "85", + "object_id_int": 85, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 117, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "86", + "object_id_int": 86, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 118, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "87", + "object_id_int": 87, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 119, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "88", + "object_id_int": 88, + "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 120, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "89", + "object_id_int": 89, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 121, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "90", + "object_id_int": 90, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 122, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "91", + "object_id_int": 91, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 123, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "92", + "object_id_int": 92, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 124, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "93", + "object_id_int": 93, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 125, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "94", + "object_id_int": 94, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 126, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "95", + "object_id_int": 95, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 127, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "96", + "object_id_int": 96, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 128, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "97", + "object_id_int": 97, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 129, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "98", + "object_id_int": 98, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 130, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "99", + "object_id_int": 99, + "title": "Use of Hard coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 131, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "100", + "object_id_int": 100, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 132, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "101", + "object_id_int": 101, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 133, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "102", + "object_id_int": 102, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 134, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "103", + "object_id_int": 103, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 135, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "104", + "object_id_int": 104, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 136, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "105", + "object_id_int": 105, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 137, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "106", + "object_id_int": 106, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 138, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "107", + "object_id_int": 107, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 139, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "108", + "object_id_int": 108, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 140, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "109", + "object_id_int": 109, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 141, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "110", + "object_id_int": 110, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 142, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "111", + "object_id_int": 111, + "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 143, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "112", + "object_id_int": 112, + "title": "Empty Password In Connection String (search.jsp)", + "description": "", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 144, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "113", + "object_id_int": 113, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 145, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "114", + "object_id_int": 114, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 146, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "115", + "object_id_int": 115, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 147, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "116", + "object_id_int": 116, + "title": "Hardcoded password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 148, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "117", + "object_id_int": 117, + "title": "Hardcoded password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 149, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "118", + "object_id_int": 118, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 150, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "119", + "object_id_int": 119, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 151, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "120", + "object_id_int": 120, + "title": "Empty Password In Connection String (score.jsp)", + "description": "", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 152, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "121", + "object_id_int": 121, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 153, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "122", + "object_id_int": 122, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 154, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "123", + "object_id_int": 123, + "title": "Empty Password In Connection String (login.jsp)", + "description": "", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 155, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "124", + "object_id_int": 124, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 156, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "125", + "object_id_int": 125, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 157, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "126", + "object_id_int": 126, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 158, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "127", + "object_id_int": 127, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 159, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "128", + "object_id_int": 128, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 160, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "129", + "object_id_int": 129, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 161, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "130", + "object_id_int": 130, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 162, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "131", + "object_id_int": 131, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"    \" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 163, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "132", + "object_id_int": 132, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 164, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "133", + "object_id_int": 133, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 165, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "134", + "object_id_int": 134, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 166, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "135", + "object_id_int": 135, + "title": "Empty Password In Connection String (contact.jsp)", + "description": "", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 167, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "136", + "object_id_int": 136, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 168, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "137", + "object_id_int": 137, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 169, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "138", + "object_id_int": 138, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 170, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "139", + "object_id_int": 139, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 171, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Checkmarx Scan (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 172, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "140", + "object_id_int": 140, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 173, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "141", + "object_id_int": 141, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 174, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "142", + "object_id_int": 142, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 175, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "143", + "object_id_int": 143, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 176, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "144", + "object_id_int": 144, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 177, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "145", + "object_id_int": 145, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 178, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "146", + "object_id_int": 146, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 179, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "147", + "object_id_int": 147, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 180, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "148", + "object_id_int": 148, + "title": "Hardcoded password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 181, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "149", + "object_id_int": 149, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 182, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "150", + "object_id_int": 150, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 183, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "151", + "object_id_int": 151, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 184, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "152", + "object_id_int": 152, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 185, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "153", + "object_id_int": 153, + "title": "Not Using a Random IV with CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 186, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "154", + "object_id_int": 154, + "title": "Collapse of Data into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 187, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "155", + "object_id_int": 155, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 188, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "156", + "object_id_int": 156, + "title": "Hardcoded password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 189, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "157", + "object_id_int": 157, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 190, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "158", + "object_id_int": 158, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 191, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "159", + "object_id_int": 159, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 192, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "160", + "object_id_int": 160, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 193, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "161", + "object_id_int": 161, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 194, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "162", + "object_id_int": 162, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 195, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "163", + "object_id_int": 163, + "title": "Empty Password In Connection String (product.jsp)", + "description": "", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 196, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "164", + "object_id_int": 164, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 197, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "165", + "object_id_int": 165, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 198, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "166", + "object_id_int": 166, + "title": "Hardcoded password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 199, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "167", + "object_id_int": 167, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 200, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "168", + "object_id_int": 168, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 201, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "169", + "object_id_int": 169, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 202, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "170", + "object_id_int": 170, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 203, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "171", + "object_id_int": 171, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 204, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "172", + "object_id_int": 172, + "title": "Hardcoded password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 205, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "173", + "object_id_int": 173, + "title": "Hardcoded password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 206, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "174", + "object_id_int": 174, + "title": "Empty Password In Connection String (register.jsp)", + "description": "", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 207, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "175", + "object_id_int": 175, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 208, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "176", + "object_id_int": 176, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 209, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "177", + "object_id_int": 177, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 210, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "178", + "object_id_int": 178, + "title": "Empty Password In Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 211, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "179", + "object_id_int": 179, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 212, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "180", + "object_id_int": 180, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 213, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "181", + "object_id_int": 181, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 214, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "182", + "object_id_int": 182, + "title": "Hardcoded password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 215, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "183", + "object_id_int": 183, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 216, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "184", + "object_id_int": 184, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 217, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "185", + "object_id_int": 185, + "title": "Empty Password In Connection String (init.jsp)", + "description": "", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 218, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "186", + "object_id_int": 186, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 219, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "187", + "object_id_int": 187, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 220, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "188", + "object_id_int": 188, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 221, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "189", + "object_id_int": 189, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 222, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "190", + "object_id_int": 190, + "title": "Empty Password In Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 223, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "191", + "object_id_int": 191, + "title": "Hardcoded password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 224, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "192", + "object_id_int": 192, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 225, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "193", + "object_id_int": 193, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 226, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "194", + "object_id_int": 194, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 227, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "195", + "object_id_int": 195, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 228, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "196", + "object_id_int": 196, + "title": "Empty Password In Connection String (home.jsp)", + "description": "", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 229, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "197", + "object_id_int": 197, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 230, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "198", + "object_id_int": 198, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 231, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "199", + "object_id_int": 199, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 232, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "200", + "object_id_int": 200, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 233, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "201", + "object_id_int": 201, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 234, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "202", + "object_id_int": 202, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 235, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "203", + "object_id_int": 203, + "title": "Empty Password In Connection String (header.jsp)", + "description": "", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 236, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "204", + "object_id_int": 204, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 237, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "205", + "object_id_int": 205, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 238, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "206", + "object_id_int": 206, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 239, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "207", + "object_id_int": 207, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 240, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "208", + "object_id_int": 208, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 241, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "209", + "object_id_int": 209, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 242, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "210", + "object_id_int": 210, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 243, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "211", + "object_id_int": 211, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 244, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "212", + "object_id_int": 212, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 245, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "213", + "object_id_int": 213, + "title": "Hardcoded password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 246, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "214", + "object_id_int": 214, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 247, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "215", + "object_id_int": 215, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 248, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "216", + "object_id_int": 216, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 249, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "217", + "object_id_int": 217, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 250, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "218", + "object_id_int": 218, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 251, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "219", + "object_id_int": 219, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 252, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "220", + "object_id_int": 220, + "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 253, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "221", + "object_id_int": 221, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 254, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "222", + "object_id_int": 222, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 255, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "223", + "object_id_int": 223, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 256, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "224", + "object_id_int": 224, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 257, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "225", + "object_id_int": 225, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 258, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "226", + "object_id_int": 226, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 259, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "227", + "object_id_int": 227, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 260, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "228", + "object_id_int": 228, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 261, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "229", + "object_id_int": 229, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 262, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "230", + "object_id_int": 230, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 263, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "231", + "object_id_int": 231, + "title": "Use of Hard coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 264, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "232", + "object_id_int": 232, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 265, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "233", + "object_id_int": 233, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 266, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "234", + "object_id_int": 234, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 267, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "235", + "object_id_int": 235, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 268, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "236", + "object_id_int": 236, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 269, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "237", + "object_id_int": 237, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 270, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "238", + "object_id_int": 238, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 271, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "239", + "object_id_int": 239, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 272, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "240", + "object_id_int": 240, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 273, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "241", + "object_id_int": 241, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 274, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "242", + "object_id_int": 242, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 275, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "243", + "object_id_int": 243, + "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 276, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "244", + "object_id_int": 244, + "title": "Empty Password In Connection String (search.jsp)", + "description": "", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 277, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "245", + "object_id_int": 245, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 278, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "246", + "object_id_int": 246, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 279, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "247", + "object_id_int": 247, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 280, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "248", + "object_id_int": 248, + "title": "Hardcoded password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 281, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "249", + "object_id_int": 249, + "title": "Hardcoded password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 282, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "250", + "object_id_int": 250, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 283, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "251", + "object_id_int": 251, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 284, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "252", + "object_id_int": 252, + "title": "Empty Password In Connection String (score.jsp)", + "description": "", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 285, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "253", + "object_id_int": 253, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 286, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "254", + "object_id_int": 254, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 287, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "255", + "object_id_int": 255, + "title": "Empty Password In Connection String (login.jsp)", + "description": "", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 288, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "256", + "object_id_int": 256, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 289, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "257", + "object_id_int": 257, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 290, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "258", + "object_id_int": 258, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 291, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "259", + "object_id_int": 259, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 292, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "260", + "object_id_int": 260, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 293, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "261", + "object_id_int": 261, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 294, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 295, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"    \" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 296, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "264", + "object_id_int": 264, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 297, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "265", + "object_id_int": 265, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 298, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "266", + "object_id_int": 266, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 299, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "267", + "object_id_int": 267, + "title": "Empty Password In Connection String (contact.jsp)", + "description": "", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 300, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "268", + "object_id_int": 268, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

    \");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 301, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "269", + "object_id_int": 269, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 302, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "270", + "object_id_int": 270, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 303, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "271", + "object_id_int": 271, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 304, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "272", + "object_id_int": 272, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 305, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "273", + "object_id_int": 273, + "title": "Improper Resource Access Authorization (admin.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 306, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "274", + "object_id_int": 274, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 307, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "275", + "object_id_int": 275, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 308, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 309, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 310, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "278", + "object_id_int": 278, + "title": "SQL Injection (basket.jsp)", + "description": "", + "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 311, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "notification_webhooks" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Tomcat | BodgeIt", + "description": "", + "content": "Tomcat 8.5.1 None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 312, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None 262 N/A None BodgeIt ", + "url": "/finding/262", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 313, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", + "url": "/finding/263", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 314, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "6", + "object_id_int": 6, + "title": "Engagement: Quarterly PCI Scan (Jan 19, 2022)", + "description": "", + "content": "Quarterly PCI Scan Reccuring Quarterly Scan None None None Not Started other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 315, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "18", + "object_id_int": 18, + "title": "Qualys Scan (Jan 19, 2022)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 316, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Internal CRM App", + "description": "", + "content": "Internal CRM App * New product in development that attempts to follow all best practices Bob Builder Tester Jester None medium web construction internal", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 317, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "7", + "object_id_int": 7, + "title": "Engagement: Ad Hoc Engagement (Nov 03, 2021)", + "description": "", + "content": "Ad Hoc Engagement None None None None None threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 318, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Pen Test (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 319, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "279", + "object_id_int": 279, + "title": "test", + "description": "", + "content": "test No url given Info asdf adf asdf No references given S4 None None None None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 320, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Apple Accounting Software", + "description": "", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers 0 0 0 high web production purchased", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 321, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "8", + "object_id_int": 8, + "title": "Engagement: Initial Assessment (Dec 20, 2021)", + "description": "", + "content": "Initial Assessment This application needs to be assesed to determine the security posture. 10.2.1 None None Not Started other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 322, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "20", + "object_id_int": 20, + "title": "API Test (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 323, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Nmap Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 324, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Dependency Check Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 325, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "23", + "object_id_int": 23, + "title": "ZAP Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 326, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", + "url": "/finding/276", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 327, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", + "url": "/finding/277", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 328, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Engagement: Multiple scanners (Nov 04, 2021)", + "description": "", + "content": "Multiple scanners Example engagement with multiple scan types. 1.2.1 None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 329, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Dependency Check Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 330, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "280", + "object_id_int": 280, + "title": "notepad++.exe | CVE-2007-2666", + "description": "", + "content": "notepad++.exe | CVE-2007-2666 None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None None None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 331, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "281", + "object_id_int": 281, + "title": "notepad++.exe | CVE-2008-3436", + "description": "", + "content": "notepad++.exe | CVE-2008-3436 None High CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None None None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 332, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "26", + "object_id_int": 26, + "title": "VCG Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 333, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "282", + "object_id_int": 282, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 334, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "283", + "object_id_int": 283, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 335, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "284", + "object_id_int": 284, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 336, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "285", + "object_id_int": 285, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 337, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "286", + "object_id_int": 286, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 338, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "287", + "object_id_int": 287, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 339, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "288", + "object_id_int": 288, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 340, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "289", + "object_id_int": 289, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 341, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "290", + "object_id_int": 290, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 342, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "291", + "object_id_int": 291, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 343, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "292", + "object_id_int": 292, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 344, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "293", + "object_id_int": 293, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 345, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "294", + "object_id_int": 294, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 346, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "295", + "object_id_int": 295, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 347, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "296", + "object_id_int": 296, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 348, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "297", + "object_id_int": 297, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 349, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "298", + "object_id_int": 298, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 350, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "299", + "object_id_int": 299, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 351, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None 301 None None BodgeIt ", + "url": "/finding/301", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 352, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Burp Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 353, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "300", + "object_id_int": 300, + "title": "Password field with autocomplete enabled", + "description": "", + "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 354, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "4", + "object_id_int": 4, + "title": "http://localhost:8888/bodgeit/login.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/login.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 355, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "5", + "object_id_int": 5, + "title": "127.0.0.1", + "description": "", + "content": "None 127.0.0.1 None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 356, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "6", + "object_id_int": 6, + "title": "http://localhost:8888/bodgeit/register.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/register.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 357, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "7", + "object_id_int": 7, + "title": "http://localhost:8888/bodgeit/password.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/password.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 358, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 359, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888/bodgeit/", + "description": "", + "content": "http localhost:8888 None /bodgeit/ None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 360, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "9", + "object_id_int": 9, + "title": "http://localhost:8888/bodgeit/basket.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/basket.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 361, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "10", + "object_id_int": 10, + "title": "http://localhost:8888/bodgeit/advanced.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/advanced.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 362, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "11", + "object_id_int": 11, + "title": "http://localhost:8888/bodgeit/admin.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/admin.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 363, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "12", + "object_id_int": 12, + "title": "http://localhost:8888/bodgeit/about.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/about.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 364, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "13", + "object_id_int": 13, + "title": "http://localhost:8888/bodgeit/contact.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/contact.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 365, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "14", + "object_id_int": 14, + "title": "http://localhost:8888/bodgeit/home.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/home.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 366, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "15", + "object_id_int": 15, + "title": "http://localhost:8888/bodgeit/product.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/product.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 367, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "16", + "object_id_int": 16, + "title": "http://localhost:8888/bodgeit/score.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/score.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 368, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "17", + "object_id_int": 17, + "title": "http://localhost:8888/bodgeit/search.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/search.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 369, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "18", + "object_id_int": 18, + "title": "http://localhost:8888/", + "description": "", + "content": "http localhost:8888 None / None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 370, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "19", + "object_id_int": 19, + "title": "http://localhost:8888/bodgeit/logout.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/logout.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 371, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "302", + "object_id_int": 302, + "title": "Cross-site scripting (reflected)", + "description": "", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 372, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "303", + "object_id_int": 303, + "title": "Unencrypted communications", + "description": "", + "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 373, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "304", + "object_id_int": 304, + "title": "Password returned in later response", + "description": "", + "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 374, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "305", + "object_id_int": 305, + "title": "Email addresses disclosed", + "description": "", + "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 375, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "306", + "object_id_int": 306, + "title": "Cross-site request forgery", + "description": "", + "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 376, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "307", + "object_id_int": 307, + "title": "SQL injection", + "description": "", + "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 377, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "308", + "object_id_int": 308, + "title": "Path-relative style sheet import", + "description": "", + "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 378, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "309", + "object_id_int": 309, + "title": "Cleartext submission of password", + "description": "", + "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 379, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Engagement: Manual PenTest (Dec 30, 2021)", + "description": "", + "content": "Manual PenTest Please do a manual pentest before our next release to prod. 1.9.1 None None Blocked other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 380, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Manual Code Review (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 381, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Pen Test (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 382, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Engagement: CI/CD Baseline Security Test (Nov 04, 2021)", + "description": "", + "content": "CI/CD Baseline Security Test 1.1.2 None https://github.com/psiinon/bodgeit None Completed other none none CI/CD 89 b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6 master https://github.com/psiinon/bodgeit", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 383, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Gosec Scanner (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 384, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "310", + "object_id_int": 310, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 385, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "311", + "object_id_int": 311, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 386, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "312", + "object_id_int": 312, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 387, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "313", + "object_id_int": 313, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 388, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "314", + "object_id_int": 314, + "title": "SQL string formatting-G201", + "description": "", + "content": "SQL string formatting-G201 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None None None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 389, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "315", + "object_id_int": 315, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 390, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "316", + "object_id_int": 316, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 391, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "317", + "object_id_int": 317, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 392, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "318", + "object_id_int": 318, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 393, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "319", + "object_id_int": 319, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 394, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "320", + "object_id_int": 320, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None None None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 395, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "321", + "object_id_int": 321, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 396, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "322", + "object_id_int": 322, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 397, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "323", + "object_id_int": 323, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None None None None 2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 398, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "324", + "object_id_int": 324, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 399, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "325", + "object_id_int": 325, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 400, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "326", + "object_id_int": 326, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 401, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "327", + "object_id_int": 327, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 402, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "328", + "object_id_int": 328, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 403, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "329", + "object_id_int": 329, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 404, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "330", + "object_id_int": 330, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 405, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "331", + "object_id_int": 331, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming soon None None S3 None None None None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 406, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "332", + "object_id_int": 332, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 407, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "333", + "object_id_int": 333, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 408, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "334", + "object_id_int": 334, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 409, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "335", + "object_id_int": 335, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 410, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "336", + "object_id_int": 336, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 None None None None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 411, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "337", + "object_id_int": 337, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None None None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 412, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "1", + "object_id_int": 1, + "title": "http://127.0.0.1/endpoint/420/edit/", + "description": "", + "content": "http 127.0.0.1 example.com /endpoint/420/edit/ None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 413, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "2", + "object_id_int": 2, + "title": "ftp://localhost/", + "description": "", + "content": "ftp localhost www.example.com / None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 414, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "3", + "object_id_int": 3, + "title": "ssh:127.0.0.1", + "description": "", + "content": "ssh 127.0.0.1 www.example.com None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 415, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Engagement: 1st Quarter Engagement (Jun 30, 2021)", + "description": "", + "content": "1st Quarter Engagement test Engagement None None None None In Progress threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 416, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Engagement: weekly engagement (Jun 21, 2021)", + "description": "", + "content": "weekly engagement test Engagement None None None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 417, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "3", + "object_id_int": 3, + "title": "API Test (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 418, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "13", + "object_id_int": 13, + "title": "API Test (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 419, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", + "description": "", + "content": "AdHoc Import - Fri, 17 Aug 2018 18:20:55 None None None None None In Progress threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 420, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Burp Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 421, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "338", + "object_id_int": 338, + "title": "Password field with autocomplete enabled", + "description": "", + "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 422, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "339", + "object_id_int": 339, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 423, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "340", + "object_id_int": 340, + "title": "Cross-site scripting (reflected)", + "description": "", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 424, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "341", + "object_id_int": 341, + "title": "Unencrypted communications", + "description": "", + "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 425, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "342", + "object_id_int": 342, + "title": "Password returned in later response", + "description": "", + "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 426, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "343", + "object_id_int": 343, + "title": "Email addresses disclosed", + "description": "", + "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 427, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "344", + "object_id_int": 344, + "title": "Cross-site request forgery", + "description": "", + "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 428, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "345", + "object_id_int": 345, + "title": "SQL injection", + "description": "", + "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 429, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "346", + "object_id_int": 346, + "title": "Path-relative style sheet import", + "description": "", + "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 430, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "347", + "object_id_int": 347, + "title": "Cleartext submission of password", + "description": "", + "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 431, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 5 None None Internal CRM App 222", + "url": "/finding/5", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"222\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 432, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 4 None None Internal CRM App ", + "url": "/finding/4", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 433, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 6 None None Internal CRM App 333", + "url": "/finding/6", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"333\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 434, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "7", + "object_id_int": 7, + "title": "Dummy Finding", + "description": "", + "content": "Dummy Finding None None http://www.example.com High TEST finding MITIGATION HIGH None None S1 None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 None None None None None None None None None None 7 http://www.example.com None Internal CRM App ", + "url": "/finding/7", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 435, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "309", + "object_id_int": 309, + "title": "Cleartext Submission of Password", + "description": "", + "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 309 None None BodgeIt ", + "url": "/finding/309", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 436, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "347", + "object_id_int": 347, + "title": "Cleartext Submission of Password", + "description": "", + "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 347 None None BodgeIt ", + "url": "/finding/347", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 437, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "302", + "object_id_int": 302, + "title": "Cross-Site Scripting (Reflected)", + "description": "", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", + "url": "/finding/302", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 438, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "340", + "object_id_int": 340, + "title": "Cross-Site Scripting (Reflected)", + "description": "", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", + "url": "/finding/340", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 439, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "345", + "object_id_int": 345, + "title": "SQL Injection", + "description": "", + "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 345 None None BodgeIt ", + "url": "/finding/345", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 440, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "307", + "object_id_int": 307, + "title": "SQL Injection", + "description": "", + "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 307 None None BodgeIt ", + "url": "/finding/307", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 441, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "280", + "object_id_int": 280, + "title": "Notepad++.exe | CVE-2007-2666", + "description": "", + "content": "Notepad++.exe | CVE-2007-2666 None None None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe None None None None None None None None None None 280 None None BodgeIt ", + "url": "/finding/280", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 442, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "281", + "object_id_int": 281, + "title": "Notepad++.exe | CVE-2008-3436", + "description": "", + "content": "Notepad++.exe | CVE-2008-3436 None None None High CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe None None None None None None None None None None 281 None None BodgeIt ", + "url": "/finding/281", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 443, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "145", + "object_id_int": 145, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", + "url": "/finding/145", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 444, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", + "url": "/finding/13", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 445, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Internal CRM App", + "description": "", + "content": "Internal CRM App * New product in development that attempts to follow all best practices medium web construction internal 2 Commerce", + "url": "/product/2", + "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 446, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "60", + "object_id_int": 60, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/60", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 447, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "192", + "object_id_int": 192, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/192", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 448, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", + "url": "/finding/276", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 449, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "65", + "object_id_int": 65, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", + "url": "/finding/65", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 450, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "197", + "object_id_int": 197, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", + "url": "/finding/197", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 451, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "217", + "object_id_int": 217, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", + "url": "/finding/217", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 452, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "85", + "object_id_int": 85, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", + "url": "/finding/85", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 453, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "278", + "object_id_int": 278, + "title": "SQL Injection (basket.jsp)", + "description": "", + "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", + "url": "/finding/278", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 454, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "45", + "object_id_int": 45, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", + "url": "/finding/45", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 455, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "177", + "object_id_int": 177, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", + "url": "/finding/177", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 456, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "18", + "object_id_int": 18, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", + "url": "/finding/18", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 457, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "150", + "object_id_int": 150, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", + "url": "/finding/150", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 458, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "8", + "object_id_int": 8, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", + "url": "/finding/8", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 459, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "140", + "object_id_int": 140, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", + "url": "/finding/140", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 460, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "51", + "object_id_int": 51, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", + "url": "/finding/51", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 461, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "183", + "object_id_int": 183, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", + "url": "/finding/183", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 462, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "151", + "object_id_int": 151, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", + "url": "/finding/151", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 463, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", + "url": "/finding/19", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 464, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "258", + "object_id_int": 258, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", + "url": "/finding/258", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 465, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "126", + "object_id_int": 126, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", + "url": "/finding/126", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 466, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "90", + "object_id_int": 90, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", + "url": "/finding/90", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 467, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "222", + "object_id_int": 222, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", + "url": "/finding/222", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 468, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "63", + "object_id_int": 63, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", + "url": "/finding/63", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 469, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "195", + "object_id_int": 195, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 195 N/A None BodgeIt ", + "url": "/finding/195", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 470, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", + "url": "/finding/263", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 471, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "131", + "object_id_int": 131, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", + "url": "/finding/131", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 472, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "234", + "object_id_int": 234, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", + "url": "/finding/234", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 473, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "102", + "object_id_int": 102, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", + "url": "/finding/102", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 474, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "189", + "object_id_int": 189, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", + "url": "/finding/189", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 475, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "57", + "object_id_int": 57, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", + "url": "/finding/57", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 476, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "288", + "object_id_int": 288, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 288 None None BodgeIt ", + "url": "/finding/288", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 477, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "283", + "object_id_int": 283, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 283 None None BodgeIt ", + "url": "/finding/283", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 478, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "315", + "object_id_int": 315, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 315 N/A None BodgeIt ", + "url": "/finding/315", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 479, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "1", + "object_id_int": 1, + "title": "BodgeIt", + "description": "", + "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up high web production internal 1 Commerce", + "url": "/product/1", + "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 480, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "329", + "object_id_int": 329, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 329 N/A None BodgeIt ", + "url": "/finding/329", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 481, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "330", + "object_id_int": 330, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 330 N/A None BodgeIt ", + "url": "/finding/330", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 482, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "342", + "object_id_int": 342, + "title": "Password Returned in Later Response", + "description": "", + "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 342 None None BodgeIt ", + "url": "/finding/342", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 483, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "304", + "object_id_int": 304, + "title": "Password Returned in Later Response", + "description": "", + "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 304 None None BodgeIt ", + "url": "/finding/304", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 484, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "314", + "object_id_int": 314, + "title": "SQL String Formatting-G201", + "description": "", + "content": "SQL String Formatting-G201 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go None None None None None None None None None None 314 N/A None BodgeIt ", + "url": "/finding/314", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 485, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "328", + "object_id_int": 328, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 328 N/A None BodgeIt ", + "url": "/finding/328", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 486, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "319", + "object_id_int": 319, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 319 N/A None BodgeIt ", + "url": "/finding/319", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 487, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "318", + "object_id_int": 318, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 318 N/A None BodgeIt ", + "url": "/finding/318", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 488, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "333", + "object_id_int": 333, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 333 N/A None BodgeIt ", + "url": "/finding/333", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 489, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "337", + "object_id_int": 337, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 337 N/A None BodgeIt ", + "url": "/finding/337", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 490, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "310", + "object_id_int": 310, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 310 N/A None BodgeIt ", + "url": "/finding/310", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 491, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "325", + "object_id_int": 325, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 325 N/A None BodgeIt ", + "url": "/finding/325", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 492, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "311", + "object_id_int": 311, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 311 N/A None BodgeIt ", + "url": "/finding/311", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 493, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "324", + "object_id_int": 324, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 324 N/A None BodgeIt ", + "url": "/finding/324", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 494, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "101", + "object_id_int": 101, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", + "url": "/finding/101", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 495, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "233", + "object_id_int": 233, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 233 N/A None BodgeIt ", + "url": "/finding/233", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 496, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "134", + "object_id_int": 134, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/134", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 497, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "266", + "object_id_int": 266, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/266", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 498, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "170", + "object_id_int": 170, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", + "url": "/finding/170", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 499, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "38", + "object_id_int": 38, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", + "url": "/finding/38", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 500, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "15", + "object_id_int": 15, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", + "url": "/finding/15", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 501, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "147", + "object_id_int": 147, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", + "url": "/finding/147", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 502, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "223", + "object_id_int": 223, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 223 N/A None BodgeIt ", + "url": "/finding/223", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 503, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "91", + "object_id_int": 91, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", + "url": "/finding/91", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 504, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "82", + "object_id_int": 82, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", + "url": "/finding/82", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 505, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "214", + "object_id_int": 214, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", + "url": "/finding/214", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 506, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "96", + "object_id_int": 96, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", + "url": "/finding/96", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 507, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "228", + "object_id_int": 228, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None BodgeIt ", + "url": "/finding/228", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 508, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "152", + "object_id_int": 152, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", + "url": "/finding/152", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 509, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "20", + "object_id_int": 20, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", + "url": "/finding/20", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 510, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "207", + "object_id_int": 207, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", + "url": "/finding/207", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 511, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "75", + "object_id_int": 75, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", + "url": "/finding/75", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 512, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "179", + "object_id_int": 179, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 179 N/A None BodgeIt ", + "url": "/finding/179", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 513, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "47", + "object_id_int": 47, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", + "url": "/finding/47", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 514, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "165", + "object_id_int": 165, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", + "url": "/finding/165", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 515, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "33", + "object_id_int": 33, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", + "url": "/finding/33", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 516, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "52", + "object_id_int": 52, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", + "url": "/finding/52", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 517, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "184", + "object_id_int": 184, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", + "url": "/finding/184", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 518, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "138", + "object_id_int": 138, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", + "url": "/finding/138", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 519, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "270", + "object_id_int": 270, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", + "url": "/finding/270", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 520, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "272", + "object_id_int": 272, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", + "url": "/finding/272", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 521, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "77", + "object_id_int": 77, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", + "url": "/finding/77", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 522, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "209", + "object_id_int": 209, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", + "url": "/finding/209", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 523, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "175", + "object_id_int": 175, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", + "url": "/finding/175", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 524, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "43", + "object_id_int": 43, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", + "url": "/finding/43", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 525, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "141", + "object_id_int": 141, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", + "url": "/finding/141", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 526, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "9", + "object_id_int": 9, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", + "url": "/finding/9", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 527, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "199", + "object_id_int": 199, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", + "url": "/finding/199", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 528, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "67", + "object_id_int": 67, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", + "url": "/finding/67", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 529, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "187", + "object_id_int": 187, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", + "url": "/finding/187", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 530, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "55", + "object_id_int": 55, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", + "url": "/finding/55", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 531, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "62", + "object_id_int": 62, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", + "url": "/finding/62", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 532, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "194", + "object_id_int": 194, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", + "url": "/finding/194", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 533, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "200", + "object_id_int": 200, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", + "url": "/finding/200", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 534, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "68", + "object_id_int": 68, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", + "url": "/finding/68", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 535, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "110", + "object_id_int": 110, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", + "url": "/finding/110", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 536, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "242", + "object_id_int": 242, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", + "url": "/finding/242", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 537, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "117", + "object_id_int": 117, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", + "url": "/finding/117", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 538, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "249", + "object_id_int": 249, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", + "url": "/finding/249", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 539, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "50", + "object_id_int": 50, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 50 N/A None BodgeIt ", + "url": "/finding/50", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 540, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "182", + "object_id_int": 182, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", + "url": "/finding/182", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 541, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "40", + "object_id_int": 40, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", + "url": "/finding/40", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 542, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "172", + "object_id_int": 172, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", + "url": "/finding/172", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 543, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "173", + "object_id_int": 173, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", + "url": "/finding/173", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 544, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "41", + "object_id_int": 41, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", + "url": "/finding/41", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 545, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "24", + "object_id_int": 24, + "title": "Hardcoded Password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", + "url": "/finding/24", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 546, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "156", + "object_id_int": 156, + "title": "Hardcoded Password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", + "url": "/finding/156", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 547, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "59", + "object_id_int": 59, + "title": "Hardcoded Password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", + "url": "/finding/59", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 548, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "191", + "object_id_int": 191, + "title": "Hardcoded Password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", + "url": "/finding/191", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 549, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "248", + "object_id_int": 248, + "title": "Hardcoded Password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", + "url": "/finding/248", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 550, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "116", + "object_id_int": 116, + "title": "Hardcoded Password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", + "url": "/finding/116", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 551, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "34", + "object_id_int": 34, + "title": "Hardcoded Password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", + "url": "/finding/34", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 552, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "166", + "object_id_int": 166, + "title": "Hardcoded Password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", + "url": "/finding/166", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 553, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "148", + "object_id_int": 148, + "title": "Hardcoded Password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", + "url": "/finding/148", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 554, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Hardcoded Password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", + "url": "/finding/16", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 555, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "81", + "object_id_int": 81, + "title": "Hardcoded Password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None BodgeIt ", + "url": "/finding/81", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 556, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "213", + "object_id_int": 213, + "title": "Hardcoded Password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", + "url": "/finding/213", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 557, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "265", + "object_id_int": 265, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", + "url": "/finding/265", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 558, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "133", + "object_id_int": 133, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", + "url": "/finding/133", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 559, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "54", + "object_id_int": 54, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 54 N/A None BodgeIt ", + "url": "/finding/54", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 560, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "186", + "object_id_int": 186, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", + "url": "/finding/186", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 561, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "26", + "object_id_int": 26, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", + "url": "/finding/26", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 562, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "158", + "object_id_int": 158, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", + "url": "/finding/158", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 563, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "92", + "object_id_int": 92, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", + "url": "/finding/92", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 564, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "224", + "object_id_int": 224, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", + "url": "/finding/224", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 565, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "193", + "object_id_int": 193, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", + "url": "/finding/193", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 566, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "61", + "object_id_int": 61, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", + "url": "/finding/61", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 567, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "259", + "object_id_int": 259, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", + "url": "/finding/259", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 568, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "127", + "object_id_int": 127, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", + "url": "/finding/127", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 569, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "14", + "object_id_int": 14, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", + "url": "/finding/14", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 570, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "146", + "object_id_int": 146, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", + "url": "/finding/146", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 571, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "98", + "object_id_int": 98, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", + "url": "/finding/98", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 572, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "230", + "object_id_int": 230, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", + "url": "/finding/230", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 573, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "167", + "object_id_int": 167, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", + "url": "/finding/167", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 574, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "35", + "object_id_int": 35, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", + "url": "/finding/35", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 575, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "56", + "object_id_int": 56, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", + "url": "/finding/56", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 576, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "188", + "object_id_int": 188, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", + "url": "/finding/188", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 577, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "247", + "object_id_int": 247, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", + "url": "/finding/247", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 578, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "115", + "object_id_int": 115, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", + "url": "/finding/115", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 579, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", + "url": "/finding/28", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 580, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "160", + "object_id_int": 160, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", + "url": "/finding/160", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 581, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "274", + "object_id_int": 274, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", + "url": "/finding/274", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 582, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "159", + "object_id_int": 159, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", + "url": "/finding/159", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 583, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "27", + "object_id_int": 27, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", + "url": "/finding/27", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 584, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "206", + "object_id_int": 206, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", + "url": "/finding/206", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 585, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "74", + "object_id_int": 74, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", + "url": "/finding/74", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 586, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "99", + "object_id_int": 99, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", + "url": "/finding/99", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 587, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "231", + "object_id_int": 231, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", + "url": "/finding/231", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 588, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "88", + "object_id_int": 88, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", + "url": "/finding/88", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 589, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "220", + "object_id_int": 220, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", + "url": "/finding/220", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 590, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "257", + "object_id_int": 257, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", + "url": "/finding/257", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 591, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "125", + "object_id_int": 125, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", + "url": "/finding/125", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 592, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", + "url": "/finding/277", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 593, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "83", + "object_id_int": 83, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", + "url": "/finding/83", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 594, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "215", + "object_id_int": 215, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", + "url": "/finding/215", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 595, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "269", + "object_id_int": 269, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", + "url": "/finding/269", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 596, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "137", + "object_id_int": 137, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", + "url": "/finding/137", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 597, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "323", + "object_id_int": 323, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None 2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go None None None None None None None None None None 323 N/A None BodgeIt ", + "url": "/finding/323", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 598, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "332", + "object_id_int": 332, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 332 N/A None BodgeIt ", + "url": "/finding/332", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 599, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "321", + "object_id_int": 321, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None None None None None 321 N/A None BodgeIt ", + "url": "/finding/321", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 600, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "326", + "object_id_int": 326, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", + "url": "/finding/326", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 601, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "327", + "object_id_int": 327, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 327 N/A None BodgeIt ", + "url": "/finding/327", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 602, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "317", + "object_id_int": 317, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 317 N/A None BodgeIt ", + "url": "/finding/317", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 603, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "313", + "object_id_int": 313, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 313 N/A None BodgeIt ", + "url": "/finding/313", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 604, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "320", + "object_id_int": 320, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 320 N/A None BodgeIt ", + "url": "/finding/320", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 605, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "312", + "object_id_int": 312, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 312 N/A None BodgeIt ", + "url": "/finding/312", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 606, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "316", + "object_id_int": 316, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 316 N/A None BodgeIt ", + "url": "/finding/316", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 607, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "331", + "object_id_int": 331, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming soon None None S3 None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go None None None None None None None None None None 331 N/A None BodgeIt ", + "url": "/finding/331", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 608, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "336", + "object_id_int": 336, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 336 N/A None BodgeIt ", + "url": "/finding/336", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 609, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "322", + "object_id_int": 322, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None None None None None 322 N/A None BodgeIt ", + "url": "/finding/322", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 610, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "335", + "object_id_int": 335, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 335 N/A None BodgeIt ", + "url": "/finding/335", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 611, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "334", + "object_id_int": 334, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 334 N/A None BodgeIt ", + "url": "/finding/334", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 612, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "300", + "object_id_int": 300, + "title": "Password Field With Autocomplete Enabled", + "description": "", + "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 300 None None BodgeIt ", + "url": "/finding/300", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 613, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "338", + "object_id_int": 338, + "title": "Password Field With Autocomplete Enabled", + "description": "", + "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 338 None None BodgeIt ", + "url": "/finding/338", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 614, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "284", + "object_id_int": 284, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 284 None None BodgeIt ", + "url": "/finding/284", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 615, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "295", + "object_id_int": 295, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 295 None None BodgeIt ", + "url": "/finding/295", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 616, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "292", + "object_id_int": 292, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 292 None None BodgeIt ", + "url": "/finding/292", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 617, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "303", + "object_id_int": 303, + "title": "Unencrypted Communications", + "description": "", + "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 303 None None BodgeIt ", + "url": "/finding/303", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 618, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "341", + "object_id_int": 341, + "title": "Unencrypted Communications", + "description": "", + "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 341 None None BodgeIt ", + "url": "/finding/341", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 619, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "229", + "object_id_int": 229, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", + "url": "/finding/229", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 620, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "97", + "object_id_int": 97, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", + "url": "/finding/97", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 621, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "79", + "object_id_int": 79, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", + "url": "/finding/79", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 622, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "211", + "object_id_int": 211, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", + "url": "/finding/211", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 623, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "157", + "object_id_int": 157, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", + "url": "/finding/157", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 624, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", + "url": "/finding/25", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 625, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "240", + "object_id_int": 240, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", + "url": "/finding/240", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 626, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "108", + "object_id_int": 108, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", + "url": "/finding/108", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 627, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "80", + "object_id_int": 80, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", + "url": "/finding/80", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 628, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "212", + "object_id_int": 212, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", + "url": "/finding/212", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 629, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "149", + "object_id_int": 149, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", + "url": "/finding/149", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 630, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "17", + "object_id_int": 17, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", + "url": "/finding/17", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 631, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/22", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 632, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "154", + "object_id_int": 154, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/154", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 633, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "178", + "object_id_int": 178, + "title": "Empty Password in Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", + "url": "/finding/178", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 634, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "46", + "object_id_int": 46, + "title": "Empty Password in Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", + "url": "/finding/46", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 635, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "267", + "object_id_int": 267, + "title": "Empty Password in Connection String (contact.jsp)", + "description": "", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", + "url": "/finding/267", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 636, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "135", + "object_id_int": 135, + "title": "Empty Password in Connection String (contact.jsp)", + "description": "", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", + "url": "/finding/135", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 637, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "190", + "object_id_int": 190, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", + "url": "/finding/190", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 638, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "58", + "object_id_int": 58, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", + "url": "/finding/58", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 639, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "71", + "object_id_int": 71, + "title": "Empty Password in Connection String (header.jsp)", + "description": "", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", + "url": "/finding/71", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 640, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "203", + "object_id_int": 203, + "title": "Empty Password in Connection String (header.jsp)", + "description": "", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", + "url": "/finding/203", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 641, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "64", + "object_id_int": 64, + "title": "Empty Password in Connection String (home.jsp)", + "description": "", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", + "url": "/finding/64", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 642, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "196", + "object_id_int": 196, + "title": "Empty Password in Connection String (home.jsp)", + "description": "", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", + "url": "/finding/196", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 643, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "53", + "object_id_int": 53, + "title": "Empty Password in Connection String (init.jsp)", + "description": "", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", + "url": "/finding/53", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 644, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "185", + "object_id_int": 185, + "title": "Empty Password in Connection String (init.jsp)", + "description": "", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", + "url": "/finding/185", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 645, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "123", + "object_id_int": 123, + "title": "Empty Password in Connection String (login.jsp)", + "description": "", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", + "url": "/finding/123", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 646, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "255", + "object_id_int": 255, + "title": "Empty Password in Connection String (login.jsp)", + "description": "", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", + "url": "/finding/255", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 647, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Empty Password in Connection String (product.jsp)", + "description": "", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", + "url": "/finding/31", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 648, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "163", + "object_id_int": 163, + "title": "Empty Password in Connection String (product.jsp)", + "description": "", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", + "url": "/finding/163", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 649, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "42", + "object_id_int": 42, + "title": "Empty Password in Connection String (register.jsp)", + "description": "", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", + "url": "/finding/42", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 650, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "174", + "object_id_int": 174, + "title": "Empty Password in Connection String (register.jsp)", + "description": "", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", + "url": "/finding/174", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 651, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "120", + "object_id_int": 120, + "title": "Empty Password in Connection String (score.jsp)", + "description": "", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", + "url": "/finding/120", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 652, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "252", + "object_id_int": 252, + "title": "Empty Password in Connection String (score.jsp)", + "description": "", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", + "url": "/finding/252", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 653, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "244", + "object_id_int": 244, + "title": "Empty Password in Connection String (search.jsp)", + "description": "", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", + "url": "/finding/244", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 654, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "112", + "object_id_int": 112, + "title": "Empty Password in Connection String (search.jsp)", + "description": "", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", + "url": "/finding/112", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 655, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "204", + "object_id_int": 204, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", + "url": "/finding/204", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 656, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "72", + "object_id_int": 72, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None BodgeIt ", + "url": "/finding/72", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 657, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "273", + "object_id_int": 273, + "title": "Improper Resource Access Authorization (admin.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", + "url": "/finding/273", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 658, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "201", + "object_id_int": 201, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", + "url": "/finding/201", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 659, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "69", + "object_id_int": 69, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", + "url": "/finding/69", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 660, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "119", + "object_id_int": 119, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", + "url": "/finding/119", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 661, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "251", + "object_id_int": 251, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", + "url": "/finding/251", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 662, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "237", + "object_id_int": 237, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", + "url": "/finding/237", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 663, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "105", + "object_id_int": 105, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", + "url": "/finding/105", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 664, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "95", + "object_id_int": 95, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", + "url": "/finding/95", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 665, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "227", + "object_id_int": 227, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", + "url": "/finding/227", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 666, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "250", + "object_id_int": 250, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", + "url": "/finding/250", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 667, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "118", + "object_id_int": 118, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", + "url": "/finding/118", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 668, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 32 N/A None BodgeIt ", + "url": "/finding/32", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 669, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "164", + "object_id_int": 164, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", + "url": "/finding/164", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 670, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "198", + "object_id_int": 198, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", + "url": "/finding/198", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 671, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "66", + "object_id_int": 66, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", + "url": "/finding/66", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 672, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "271", + "object_id_int": 271, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", + "url": "/finding/271", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 673, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "139", + "object_id_int": 139, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", + "url": "/finding/139", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 674, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "246", + "object_id_int": 246, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", + "url": "/finding/246", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 675, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "114", + "object_id_int": 114, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", + "url": "/finding/114", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 676, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "104", + "object_id_int": 104, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", + "url": "/finding/104", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 677, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "236", + "object_id_int": 236, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", + "url": "/finding/236", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 678, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "36", + "object_id_int": 36, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", + "url": "/finding/36", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 679, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "168", + "object_id_int": 168, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", + "url": "/finding/168", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 680, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "106", + "object_id_int": 106, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", + "url": "/finding/106", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 681, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "238", + "object_id_int": 238, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", + "url": "/finding/238", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 682, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "245", + "object_id_int": 245, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", + "url": "/finding/245", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 683, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "132", + "object_id_int": 132, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", + "url": "/finding/132", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 684, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "210", + "object_id_int": 210, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", + "url": "/finding/210", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 685, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "113", + "object_id_int": 113, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", + "url": "/finding/113", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 686, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "78", + "object_id_int": 78, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", + "url": "/finding/78", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 687, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "264", + "object_id_int": 264, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", + "url": "/finding/264", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 688, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "275", + "object_id_int": 275, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", + "url": "/finding/275", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 689, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "144", + "object_id_int": 144, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", + "url": "/finding/144", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 690, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", + "url": "/finding/12", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 691, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "76", + "object_id_int": 76, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", + "url": "/finding/76", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 692, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "208", + "object_id_int": 208, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", + "url": "/finding/208", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 693, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "253", + "object_id_int": 253, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", + "url": "/finding/253", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 694, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "121", + "object_id_int": 121, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", + "url": "/finding/121", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 695, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "122", + "object_id_int": 122, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", + "url": "/finding/122", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 696, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "254", + "object_id_int": 254, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", + "url": "/finding/254", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 697, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "232", + "object_id_int": 232, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 232 N/A None BodgeIt ", + "url": "/finding/232", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 698, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "100", + "object_id_int": 100, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 100 N/A None BodgeIt ", + "url": "/finding/100", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 699, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "93", + "object_id_int": 93, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", + "url": "/finding/93", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 700, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "225", + "object_id_int": 225, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", + "url": "/finding/225", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 701, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "143", + "object_id_int": 143, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", + "url": "/finding/143", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 702, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", + "url": "/finding/11", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 703, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", + "url": "/finding/29", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 704, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "161", + "object_id_int": 161, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", + "url": "/finding/161", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 705, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "235", + "object_id_int": 235, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", + "url": "/finding/235", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 706, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "103", + "object_id_int": 103, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", + "url": "/finding/103", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 707, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "49", + "object_id_int": 49, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", + "url": "/finding/49", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 708, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "181", + "object_id_int": 181, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", + "url": "/finding/181", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 709, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "129", + "object_id_int": 129, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 129 N/A None BodgeIt ", + "url": "/finding/129", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 710, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "261", + "object_id_int": 261, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", + "url": "/finding/261", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 711, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "176", + "object_id_int": 176, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 176 N/A None BodgeIt ", + "url": "/finding/176", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 712, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "44", + "object_id_int": 44, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", + "url": "/finding/44", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 713, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "256", + "object_id_int": 256, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 256 N/A None BodgeIt ", + "url": "/finding/256", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 714, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "124", + "object_id_int": 124, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", + "url": "/finding/124", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 715, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "136", + "object_id_int": 136, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", + "url": "/finding/136", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 716, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "268", + "object_id_int": 268, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", + "url": "/finding/268", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 717, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "94", + "object_id_int": 94, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", + "url": "/finding/94", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 718, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "226", + "object_id_int": 226, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", + "url": "/finding/226", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 719, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "219", + "object_id_int": 219, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A None BodgeIt ", + "url": "/finding/219", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 720, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "87", + "object_id_int": 87, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", + "url": "/finding/87", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 721, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "107", + "object_id_int": 107, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", + "url": "/finding/107", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 722, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "239", + "object_id_int": 239, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", + "url": "/finding/239", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 723, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "84", + "object_id_int": 84, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", + "url": "/finding/84", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 724, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "142", + "object_id_int": 142, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", + "url": "/finding/142", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 725, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "216", + "object_id_int": 216, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", + "url": "/finding/216", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 726, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", + "url": "/finding/10", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 727, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "153", + "object_id_int": 153, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", + "url": "/finding/153", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 728, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 21 N/A None BodgeIt ", + "url": "/finding/21", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 729, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "180", + "object_id_int": 180, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", + "url": "/finding/180", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 730, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "48", + "object_id_int": 48, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", + "url": "/finding/48", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 731, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "70", + "object_id_int": 70, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", + "url": "/finding/70", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 732, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "202", + "object_id_int": 202, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", + "url": "/finding/202", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 733, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "130", + "object_id_int": 130, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", + "url": "/finding/130", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 734, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 262 N/A None BodgeIt ", + "url": "/finding/262", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 735, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", + "url": "/finding/30", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 736, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "162", + "object_id_int": 162, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", + "url": "/finding/162", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 737, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "109", + "object_id_int": 109, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 109 N/A None BodgeIt ", + "url": "/finding/109", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 738, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "241", + "object_id_int": 241, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", + "url": "/finding/241", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 739, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "221", + "object_id_int": 221, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", + "url": "/finding/221", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 740, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "89", + "object_id_int": 89, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", + "url": "/finding/89", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 741, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "218", + "object_id_int": 218, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", + "url": "/finding/218", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 742, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "86", + "object_id_int": 86, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", + "url": "/finding/86", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 743, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "37", + "object_id_int": 37, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", + "url": "/finding/37", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 744, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "169", + "object_id_int": 169, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", + "url": "/finding/169", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 745, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "128", + "object_id_int": 128, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", + "url": "/finding/128", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 746, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "260", + "object_id_int": 260, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", + "url": "/finding/260", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 747, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "23", + "object_id_int": 23, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", + "url": "/finding/23", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 748, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "155", + "object_id_int": 155, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", + "url": "/finding/155", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 749, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "205", + "object_id_int": 205, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 205 N/A None BodgeIt ", + "url": "/finding/205", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 750, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "73", + "object_id_int": 73, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", + "url": "/finding/73", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 751, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "171", + "object_id_int": 171, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", + "url": "/finding/171", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 752, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "39", + "object_id_int": 39, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", + "url": "/finding/39", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 753, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "243", + "object_id_int": 243, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", + "url": "/finding/243", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 754, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "111", + "object_id_int": 111, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", + "url": "/finding/111", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 755, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "282", + "object_id_int": 282, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 282 None None BodgeIt ", + "url": "/finding/282", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 756, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "299", + "object_id_int": 299, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 299 None None BodgeIt ", + "url": "/finding/299", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 757, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "298", + "object_id_int": 298, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 298 None None BodgeIt ", + "url": "/finding/298", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 758, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "294", + "object_id_int": 294, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 294 None None BodgeIt ", + "url": "/finding/294", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 759, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "293", + "object_id_int": 293, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 293 None None BodgeIt ", + "url": "/finding/293", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 760, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "291", + "object_id_int": 291, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 291 None None BodgeIt ", + "url": "/finding/291", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 761, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "290", + "object_id_int": 290, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 290 None None BodgeIt ", + "url": "/finding/290", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 762, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "289", + "object_id_int": 289, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 289 None None BodgeIt ", + "url": "/finding/289", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 763, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "287", + "object_id_int": 287, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 287 None None BodgeIt ", + "url": "/finding/287", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 764, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "286", + "object_id_int": 286, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 286 None None BodgeIt ", + "url": "/finding/286", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 765, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "297", + "object_id_int": 297, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 297 None None BodgeIt ", + "url": "/finding/297", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 766, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "285", + "object_id_int": 285, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 285 None None BodgeIt ", + "url": "/finding/285", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 767, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "296", + "object_id_int": 296, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 296 None None BodgeIt ", + "url": "/finding/296", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 768, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "306", + "object_id_int": 306, + "title": "Cross-Site Request Forgery", + "description": "", + "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 306 None None BodgeIt ", + "url": "/finding/306", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 769, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "344", + "object_id_int": 344, + "title": "Cross-Site Request Forgery", + "description": "", + "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 344 None None BodgeIt ", + "url": "/finding/344", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 770, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "343", + "object_id_int": 343, + "title": "Email Addresses Disclosed", + "description": "", + "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 343 None None BodgeIt ", + "url": "/finding/343", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 771, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "305", + "object_id_int": 305, + "title": "Email Addresses Disclosed", + "description": "", + "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 305 None None BodgeIt ", + "url": "/finding/305", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 772, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable Response (Potential Clickjacking)", + "description": "", + "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 301 None None BodgeIt ", + "url": "/finding/301", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 773, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "339", + "object_id_int": 339, + "title": "Frameable Response (Potential Clickjacking)", + "description": "", + "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 339 None None BodgeIt ", + "url": "/finding/339", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 774, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "308", + "object_id_int": 308, + "title": "Path-Relative Style Sheet Import", + "description": "", + "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 308 None None BodgeIt ", + "url": "/finding/308", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 775, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "346", + "object_id_int": 346, + "title": "Path-Relative Style Sheet Import", + "description": "", + "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 346 None None BodgeIt ", + "url": "/finding/346", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 776, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "279", + "object_id_int": 279, + "title": "Test", + "description": "", + "content": "Test None None No url given Info asdf adf asdf No references given S4 None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None None None None None None None None None None None 279 No url given None Internal CRM App ", + "url": "/finding/279", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 777, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Apple Accounting Software", + "description": "", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers high web production purchased 3 Billing", + "url": "/product/3", + "meta_encoded": "{\"prod_type__name\": \"Billing\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 778, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "1", + "object_id_int": 1, + "title": "ssh://127.0.0.1", + "description": "", + "content": "url ssh://127.0.0.1", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 779, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "2", + "object_id_int": 2, + "title": "127.0.0.1", + "description": "", + "content": "url 127.0.0.1", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 780, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "3", + "object_id_int": 3, + "title": "ftp://localhost/", + "description": "", + "content": "url ftp://localhost/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 781, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "4", + "object_id_int": 4, + "title": "http://localhost:8888/", + "description": "", + "content": "url http://localhost:8888/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 782, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "5", + "object_id_int": 5, + "title": "http://localhost:8888/bodgeit/", + "description": "", + "content": "url http://localhost:8888/bodgeit/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 783, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "6", + "object_id_int": 6, + "title": "http://localhost:8888/bodgeit/about.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/about.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 784, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "7", + "object_id_int": 7, + "title": "http://localhost:8888/bodgeit/admin.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 785, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888/bodgeit/advanced.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 786, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "9", + "object_id_int": 9, + "title": "http://localhost:8888/bodgeit/basket.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 787, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "10", + "object_id_int": 10, + "title": "http://localhost:8888/bodgeit/contact.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 788, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "11", + "object_id_int": 11, + "title": "http://localhost:8888/bodgeit/home.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 789, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "12", + "object_id_int": 12, + "title": "http://localhost:8888/bodgeit/login.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 790, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "13", + "object_id_int": 13, + "title": "http://localhost:8888/bodgeit/logout.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 791, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "14", + "object_id_int": 14, + "title": "http://localhost:8888/bodgeit/password.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 792, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "15", + "object_id_int": 15, + "title": "http://localhost:8888/bodgeit/product.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 793, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "16", + "object_id_int": 16, + "title": "http://localhost:8888/bodgeit/register.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 794, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "17", + "object_id_int": 17, + "title": "http://localhost:8888/bodgeit/score.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 795, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "18", + "object_id_int": 18, + "title": "http://localhost:8888/bodgeit/search.jsp", + "description": "", + "content": "url http://localhost:8888/bodgeit/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 796, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "location" + ], + "object_id": "19", + "object_id_int": 19, + "title": "http://127.0.0.1/endpoint/420/edit/", + "description": "", + "content": "url http://127.0.0.1/endpoint/420/edit/", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "authtoken.token", + "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", + "fields": { + "user": [ + "product_manager" + ], + "created": "2021-07-04T23:16:45.502Z" + } +}, +{ + "model": "authtoken.token", + "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", + "fields": { + "user": [ + "admin" + ], + "created": "2021-07-04T23:16:45.506Z" + } +}, +{ + "model": "authtoken.token", + "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708", + "fields": { + "user": [ + "user2" + ], + "created": "2021-07-04T23:16:45.509Z" + } +} +] diff --git a/dojo/fixtures/dojo_testdata.json b/dojo/fixtures/dojo_testdata.json index 26148621eaf..9575d2aba3a 100644 --- a/dojo/fixtures/dojo_testdata.json +++ b/dojo/fixtures/dojo_testdata.json @@ -112,6 +112,24 @@ "date_joined": "2018-04-13T07:59:51.527Z" } }, + { + "pk": 7, + "model": "auth.user", + "fields": { + "username": "globalWriter", + "first_name": "Global", + "last_name": "Writer", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "global_writer@email.com", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, { "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", "model": "sessions.session", @@ -2804,6 +2822,14 @@ "created": "2018-04-16T06:54:35.933Z" } }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba37", + "model": "authtoken.token", + "fields": { + "user": 7, + "created": "2018-04-16T06:54:35.933Z" + } + }, { "pk": "1", "model": "dojo.dojo_group", @@ -2871,6 +2897,14 @@ "role": 5 } }, + { + "pk": 4, + "model": "dojo.global_role", + "fields": { + "user": 7, + "role": 2 + } + }, { "model": "dojo.language_type", "pk": 1, diff --git a/dojo/fixtures/dojo_testdata_locations.json b/dojo/fixtures/dojo_testdata_locations.json new file mode 100644 index 00000000000..b2b3c2a7d5d --- /dev/null +++ b/dojo/fixtures/dojo_testdata_locations.json @@ -0,0 +1,3453 @@ +[ + { + "pk": 1, + "model": "auth.user", + "fields": { + "username": "admin", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": true, + "is_staff": true, + "last_login": "2018-04-17T06:00:43.171Z", + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$sT96yObJtsFk$F9YAJimsQqBXnff/QGLNTv100qhCNl/23hoBuNtSNZU=", + "email": "", + "date_joined": "2018-04-13T07:58:59.861Z" + } + }, + { + "pk": 2, + "model": "auth.user", + "fields": { + "username": "user1", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": 3, + "model": "auth.user", + "fields": { + "username": "user2", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": "2018-04-16T06:50:51.300Z", + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$1qzIv2IwPiUw$//wV1kpCO8jj+Vp46gOf4TDo2ITxex5/FdNPOldHlsQ=", + "email": "", + "date_joined": "2018-04-13T07:59:59.989Z" + } + }, + { + "pk": 4, + "model": "auth.user", + "fields": { + "username": "user3", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": 5, + "model": "auth.user", + "fields": { + "username": "user4", + "first_name": "", + "last_name": "", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": 6, + "model": "auth.user", + "fields": { + "username": "user5", + "first_name": "User", + "last_name": "Five", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [ + 218, + 220, + 26, + 28 + ], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "user5@email.com", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": 7, + "model": "auth.user", + "fields": { + "username": "globalWriter", + "first_name": "Global", + "last_name": "Writer", + "is_active": true, + "is_superuser": false, + "is_staff": false, + "last_login": null, + "groups": [], + "user_permissions": [], + "password": "pbkdf2_sha256$36000$pe8Ff8HrBPac$Lb3ee6/R9z/aL9nM+D2AXWTpIt9Pa9kcLueXxYNy1ZY=", + "email": "global_writer@email.com", + "date_joined": "2018-04-13T07:59:51.527Z" + } + }, + { + "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", + "model": "sessions.session", + "fields": { + "expire_date": "2018-04-30T06:50:51.569Z", + "session_data": "ZmY5ZWRlNzI5OTdlMmMxNjBmNjQwODU2YWQ4ODlmNGUzNDUyOTljOTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9tZXRyaWNzIiwidGl0bGUiOiJQcm9kdWN0IFR5cGUgTWV0cmljcyJ9XSwiX2F1dGhfdXNlcl9oYXNoIjoiODE0OTY0ZTdhNzUyNDQyZjM1MjczNTExMGVkZGZjNzc4YjE0MTU3MiIsIl9hdXRoX3VzZXJfaWQiOiIzIiwiX2F1dGhfdXNlcl9iYWNrZW5kIjoiZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmQifQ==" + } + }, + { + "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", + "model": "sessions.session", + "fields": { + "expire_date": "2018-05-01T06:00:43.175Z", + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=" + } + }, + { + "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", + "model": "sessions.session", + "fields": { + "expire_date": "2018-04-27T07:59:39.760Z", + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=" + } + }, + { + "pk": 1, + "model": "sites.site", + "fields": { + "domain": "example.com", + "name": "example.com" + } + }, + { + "pk": 1, + "model": "admin.logentry", + "fields": { + "action_flag": 1, + "action_time": "2018-04-13T07:59:51.689Z", + "object_repr": "user1", + "object_id": "2", + "change_message": "[{\"added\": {}}]", + "user": 1, + "content_type": 3 + } + }, + { + "pk": 2, + "model": "admin.logentry", + "fields": { + "action_flag": 1, + "action_time": "2018-04-13T08:00:00.153Z", + "object_repr": "user2", + "object_id": "3", + "change_message": "[{\"added\": {}}]", + "user": 1, + "content_type": 3 + } + }, + { + "model": "auditlog.logentry", + "pk": 803, + "fields": { + "content_type": 28, + "object_pk": "1", + "object_id": 1, + "object_repr": "BodgeIt", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"1\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:54.921Z", + "additional_data": null + } + }, + { + "model": "auditlog.logentry", + "pk": 804, + "fields": { + "content_type": 28, + "object_pk": "2", + "object_id": 2, + "object_repr": "Internal CRM App", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", \"(product_manager)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"2\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:55.044Z", + "additional_data": null + } + }, + { + "model": "auditlog.logentry", + "pk": 805, + "fields": { + "content_type": 28, + "object_pk": "3", + "object_id": 3, + "object_repr": "Apple Accounting Software", + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"id\": [\"None\", \"3\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2021-10-22T01:24:55.071Z", + "additional_data": null + } + }, + { + "pk": 1, + "model": "dojo.system_settings", + "fields": { + "jira_labels": null, + "team_name": "", + "url_prefix": "", + "enable_slack_notifications": false, + "enable_mail_notifications": false, + "enable_webhooks_notifications": false, + "email_from": "no-reply@example.com", + "false_positive_history": false, + "msteams_url": "", + "slack_token": "", + "jira_minimum_severity": "Low", + "max_dupes": 1, + "slack_username": "", + "enable_msteams_notifications": false, + "enable_deduplication": true, + "delete_duplicates": false, + "slack_channel": "", + "mail_notifications_to": "", + "enable_jira": false, + "enable_product_grade": true, + "product_grade_a": 90, + "product_grade_b": 80, + "product_grade_c": 70, + "product_grade_d": 60, + "product_grade_f": 59 + } + }, + { + "pk": 1, + "model": "dojo.usercontactInfo", + "fields": { + "phone_number": "", + "slack_username": null, + "cell_number": "", + "title": null, + "twitter_username": "#admin", + "user": 1, + "block_execution": false, + "github_username": null + } + }, + { + "pk": 2, + "model": "dojo.usercontactInfo", + "fields": { + "phone_number": "", + "slack_username": null, + "cell_number": "", + "title": null, + "twitter_username": null, + "user": 2, + "block_execution": false, + "github_username": null + } + }, + { + "pk": 3, + "model": "dojo.usercontactInfo", + "fields": { + "phone_number": "", + "slack_username": null, + "cell_number": "", + "title": null, + "twitter_username": null, + "user": 3, + "block_execution": false, + "github_username": null + } + }, + { + "pk": 1, + "model": "dojo.product_type", + "fields": { + "critical_product": true, + "name": "books", + "key_product": true + } + }, + { + "pk": 2, + "model": "dojo.product_type", + "fields": { + "critical_product": true, + "name": "ebooks", + "key_product": false + } + }, + { + "pk": 3, + "model": "dojo.product_type", + "fields": { + "critical_product": false, + "name": "podcast", + "key_product": true + } + }, + { + "pk": 1, + "model": "dojo.product_type_member", + "fields": { + "product_type": 1, + "user": 1, + "role": 4 + } + }, + { + "pk": 2, + "model": "dojo.product_type_member", + "fields": { + "product_type": 1, + "user": 2, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.report_type", + "fields": { + "name": "Type 1", + "id": 1 + } + }, + { + "pk": 2, + "model": "dojo.report_type", + "fields": { + "name": "Type 2", + "id": 2 + } + }, + { + "pk": 3, + "model": "dojo.report_type", + "fields": { + "name": "Type 3", + "id": 3 + } + }, + { + "pk": 1, + "model": "dojo.test_type", + "fields": { + "dynamic_tool": true, + "static_tool": false, + "name": "ZAP Scan" + } + }, + { + "pk": 2, + "model": "dojo.test_type", + "fields": { + "dynamic_tool": false, + "static_tool": true, + "name": "BURP Scan" + } + }, + { + "pk": 3, + "model": "dojo.test_type", + "fields": { + "dynamic_tool": true, + "static_tool": true, + "name": "NESSUS Scan" + } + }, + { + "pk": 120, + "model": "dojo.test_type", + "fields": { + "name": "Xanitizer Scan" + } + }, + { + "pk": 555, + "model": "dojo.test_type", + "fields": { + "name": "Veracode Scan" + } + }, + { + "pk": 999, + "model": "dojo.test_type", + "fields": { + "name": "Checkmarx Scan detailed" + } + }, + { + "pk": 1, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 1, + "name": "Python How-to", + "created": null, + "technical_contact": 3, + "product_manager": 1, + "team_manager": 2, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 2, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 2, + "name": "Security How-to", + "created": null, + "technical_contact": 2, + "product_manager": 2, + "team_manager": 3, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 3, + "model": "dojo.product", + "fields": { + "updated": null, + "prod_type": 3, + "name": "Security Podcast", + "created": null, + "technical_contact": 3, + "product_manager": 1, + "team_manager": 3, + "tid": 0, + "description": "test product" + } + }, + { + "pk": 1, + "model": "dojo.product_member", + "fields": { + "product": 1, + "user": 1, + "role": 4 + } + }, + { + "pk": 2, + "model": "dojo.product_member", + "fields": { + "product": 1, + "user": 2, + "role": 4 + } + }, + { + "pk": 4, + "model": "dojo.product_member", + "fields": { + "product": 2, + "user": 2, + "role": 4 + } + }, + { + "pk": 6, + "model": "dojo.product_member", + "fields": { + "product": 3, + "user": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.app_analysis", + "fields": { + "product": 1, + "name": "Tomcat", + "user": [ + "admin" + ], + "confidence": 100, + "version": "8.5.1", + "icon": null, + "website": null, + "website_found": null, + "created": "2018-08-16T16:58:23.908Z" + } + }, + { + "pk": 1, + "model": "dojo.notes", + "fields": { + "note_type": null, + "entry": "test note", + "date": "2020-07-14T13:13:46.172Z", + "author": 2, + "private": false, + "edited": false, + "editor": null, + "edit_time": "2020-07-14T13:13:46.172Z", + "history": [] + } + }, + { + "pk": 1, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 2, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "In Progress", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "1st Quarter Engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 2, + "model": "dojo.engagement", + "fields": { + "product": 1, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [ + 1 + ], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 3, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 2, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-04", + "name": "weekly engagement", + "check_list": true, + "target_start": "2018-04-03", + "api_test": true, + "deduplication_on_engagement": true, + "notes": [ + 1 + ] + } + }, + { + "pk": 4, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 5, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement2", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "model": "dojo.risk_acceptance", + "pk": 1, + "fields": { + "name": "Accept: Qwegqer", + "recommendation": "A", + "recommendation_details": "Fix the issue", + "decision": "A", + "decision_details": "The issue is not that big of a deal", + "accepted_by": "Somebody", + "path": "", + "owner": 1, + "expiration_date": "2023-08-28T00:00:00Z", + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2023-03-01T22:12:43.829Z", + "updated": "2023-03-01T22:12:43.891Z", + "accepted_findings": [ + 226 + ], + "notes": [] + } + }, + { + "pk": 6, + "model": "dojo.engagement", + "fields": { + "product": 2, + "pen_test": true, + "report_type": null, + "first_contacted": null, + "tmodel_path": "none", + "risk_acceptance": [], + "lead": 1, + "version": null, + "progress": "threat_model", + "threat_model": true, + "test_strategy": null, + "status": "Completed", + "updated": null, + "description": "test Engagement", + "reason": null, + "requester": null, + "active": true, + "done_testing": false, + "target_end": "2018-04-12", + "name": "April monthly engagement3", + "check_list": true, + "target_start": "2018-04-12", + "api_test": true, + "deduplication_on_engagement": true + } + }, + { + "pk": 1, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "http://127.0.0.1/endpoint/420/edit/" + } + }, + { + "pk": 2, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "ftp://localhost" + } + }, + { + "pk": 3, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "ssh://127.0.0.1" + } + }, + { + "pk": 4, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "ftp://foo.bar" + } + }, + { + "pk": 5, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "http://foo.bar" + } + }, + { + "pk": 6, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "http://bar.foo" + } + }, + { + "pk": 7, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "https://bar.foo" + } + }, + { + "pk": 8, + "model": "dojo.location", + "fields": { + "location_type": "url", + "location_value": "https://bar.foo/f6" + } + }, + { + "pk": 1, + "model": "dojo.url", + "fields": { + "location": 1, + "protocol": "http", + "fragment": "", + "host": "127.0.0.1", + "query": "", + "path": "endpoint/420/edit/", + "port": 80, + "hash": "f28d3752e452cde3e00a3aaf885fe153037ae69d9726e6a0936ee7da3225c1ad" + } + }, + { + "pk": 2, + "model": "dojo.url", + "fields": { + "location": 2, + "protocol": "ftp", + "fragment": "", + "host": "localhost", + "query": "", + "path": "", + "port": 21, + "hash": "025d6b16f8cfba2d8e15e85deb81963a84d5dd3c700614f8e8fda87378cf58aa" + } + }, + { + "pk": 3, + "model": "dojo.url", + "fields": { + "location": 3, + "protocol": "ssh", + "fragment": "", + "host": "127.0.0.1", + "query": "", + "path": "", + "port": 22, + "hash": "03009c0636425af566fb6b737db82852812fe2969107ef299530a248f78c4761" + } + }, + { + "pk": 4, + "model": "dojo.url", + "fields": { + "location": 4, + "protocol": "ftp", + "fragment": "", + "host": "foo.bar", + "query": "", + "path": "", + "port": 21, + "hash": "3c82808602507ea78a48dc605d86476f5cc609f99d446d1a9c9539d5c7c10166" + } + }, + { + "pk": 5, + "model": "dojo.url", + "fields": { + "location": 5, + "protocol": "http", + "fragment": "", + "host": "foo.bar", + "query": "", + "path": "", + "port": 80, + "hash": "c1f60206ce7dac6202baec6f6251006e499113356869f605d0168f13e1d593ac" + } + }, + { + "pk": 6, + "model": "dojo.url", + "fields": { + "location": 6, + "protocol": "http", + "fragment": "", + "host": "bar.foo", + "query": "", + "path": "", + "port": 80, + "hash": "99e0dbdf63598bfa7c3310a6785638117134c44ac59a38785e9e81fece0878da" + } + }, + { + "pk": 7, + "model": "dojo.url", + "fields": { + "location": 7, + "protocol": "https", + "fragment": "", + "host": "bar.foo", + "query": "", + "path": "", + "port": 443, + "hash": "26259e2d4e77789a856808509ba2d9a50838bdc76d71f596a1bb346bbcb30332" + } + }, + { + "pk": 8, + "model": "dojo.url", + "fields": { + "location": 8, + "protocol": "https", + "fragment": "", + "host": "bar.foo", + "query": "", + "path": "f6", + "port": 443, + "hash": "4e5614106ea6ca9c15c3328731036b06ab32c45fb2ed013601350748e2d3ed85" + } + }, + { + "pk": 1, + "model": "dojo.locationfindingreference", + "fields": { + "location": 2, + "finding": 2, + "status": "Active" + } + }, + { + "pk": 2, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 227, + "status": "Mitigated" + } + }, + { + "pk": 3, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 228, + "status": "FalsePositive" + } + }, + { + "pk": 4, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 229, + "status": "OutOfScope" + } + }, + { + "pk": 5, + "model": "dojo.locationfindingreference", + "fields": { + "location": 5, + "finding": 230, + "status": "RiskAccepted" + } + }, + { + "pk": 6, + "model": "dojo.locationfindingreference", + "fields": { + "location": 6, + "finding": 227, + "status": "Mitigated" + } + }, + { + "pk": 7, + "model": "dojo.locationfindingreference", + "fields": { + "location": 7, + "finding": 227, + "status": "Active" + } + }, + { + "pk": 8, + "model": "dojo.locationfindingreference", + "fields": { + "location": 8, + "finding": 231, + "status": "Active" + } + }, + { + "pk": 1, + "model": "dojo.locationproductreference", + "fields": { + "location": 6, + "product": 1, + "status": "Active" + } + }, + { + "pk": 1, + "model": "dojo.development_environment", + "fields": { + "name": "Development" + } + }, + { + "pk": 3, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "scan_type": "ZAP Scan", + "engagement": 1, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 4, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "scan_type": "ZAP Scan", + "title": "My ZAP Scan", + "engagement": 4, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 33, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 120, + "engagement": 3, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 55, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 999, + "scan_type": "Checkmarx Scan detailed", + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 66, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 999, + "scan_type": "Checkmarx Scan detailed", + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 77, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 555, + "scan_type": "Veracode Scan", + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 88, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 555, + "engagement": 5, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 13, + "model": "dojo.test", + "fields": { + "lead": 2, + "test_type": 1, + "engagement": 2, + "environment": 1, + "target_start": "2018-01-01T01:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2018-01-02T01:00:00Z" + } + }, + { + "pk": 14, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "engagement": 1, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [ + 1 + ], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 89, + "model": "dojo.test", + "fields": { + "lead": null, + "test_type": 1, + "scan_type": "ZAP Scan", + "title": "Location mitigation tests", + "engagement": 2, + "environment": 1, + "target_start": "2017-12-01T00:00:00Z", + "notes": [], + "percent_complete": 100, + "target_end": "2017-12-10T00:00:00Z" + } + }, + { + "pk": 2, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-21", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": true, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 3, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2021-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 4, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 5, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 6, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "High Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": null, + "file_path": "", + "duplicate_finding": 2, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": null, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7", + "last_reviewed": null + } + }, + { + "pk": 7, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2017-12-31", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "High", + "false_p": false, + "verified": false, + "severity": "High", + "title": "DUMMY FINDING", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "MITIGATION", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 3, + "out_of_scope": false, + "cwe": 1, + "file_path": "", + "duplicate_finding": null, + "description": "TEST finding", + "mitigated_by": null, + "reporter": 2, + "mitigated": null, + "active": false, + "line": 100, + "under_review": false, + "defect_review_requested_by": 2, + "review_requested_by": 2, + "thread_id": 1, + "url": "http://www.example.com", + "notes": [ + 1 + ], + "dynamic_finding": false, + "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", + "last_reviewed": null + } + }, + { + "pk": 22, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-21", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": true, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 33, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 23, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2021-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 33, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": 22, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 24, + "model": "dojo.finding", + "fields": { + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 33, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": 22, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 124, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 12345, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": true, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 55, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 125, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 12345, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "Low Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 55, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "9aca00affd340c4da02c934e7e3106a45c6ad0911da479daae421b3b28a2c1aa", + "last_reviewed": null + } + }, + { + "pk": 224, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 6789, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2020-05-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": true, + "severity": "Low", + "title": "UID Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": false, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 77, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": null, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": true, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", + "last_reviewed": null + } + }, + { + "pk": 225, + "model": "dojo.finding", + "fields": { + "unique_id_from_tool": 6789, + "last_reviewed_by": null, + "reviewers": [], + "static_finding": false, + "date": "2018-01-01", + "references": "", + "files": [], + "payload": null, + "under_defect_review": false, + "impact": "Low", + "false_p": false, + "verified": false, + "severity": "Low", + "title": "UID Impact Test Finding", + "param": null, + "created": "2017-12-01T00:00:00Z", + "duplicate": true, + "mitigation": "test mitigation", + "found_by": [ + 1 + ], + "numerical_severity": "S0", + "test": 77, + "out_of_scope": false, + "cwe": null, + "file_path": "/dev/urandom", + "duplicate_finding": 224, + "description": "test finding", + "mitigated_by": null, + "reporter": 1, + "mitigated": null, + "active": false, + "line": 123, + "under_review": false, + "defect_review_requested_by": 1, + "review_requested_by": 1, + "thread_id": 11, + "url": null, + "notes": [], + "dynamic_finding": false, + "hash_code": "6f8d0bf970c14175e597843f4679769a4775742549d90f902ff803de9244c7e1", + "last_reviewed": null + } + }, + { + "model": "dojo.finding", + "pk": 226, + "fields": { + "title": "Test Location Mitigation - Finding F1 Without Locations", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": true, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "a6dd6bd359ff0b504a21b8a7ae5e59f1b40dd0fa1715728bd58de8f688f01b19", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:12:52.966Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 227, + "fields": { + "title": "Test Location Mitigation - Finding F2 With Many Locations", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "fde7dd425475851bd90a21e376eccbe753f84f94680c4394521a831846bd3aeb", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:13:23.760Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 228, + "fields": { + "title": "Test Location Mitigation - Finding F3 EPS False Positive", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "24cd769b8b4404d95b689902931317a614c3803bbd5b161e36076eaa6a08c672", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:13:49.275Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 229, + "fields": { + "title": "Test Location Mitigation - Finding F4 EPS Out of Scope", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "ab2a512956a76441ac537b0e78316709413be2599d37283caa7e20d92f8fa9fe", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:14:13.898Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 230, + "fields": { + "title": "Test Location Mitigation - Finding F5 EPS Risk Accepted", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "mitigated": null, + "mitigated_by": null, + "reporter": 1, + "numerical_severity": "S4", + "hash_code": "9a80eb44b140b5d11adaac4e478f3cb74c92625a42892ab8cba4fbba72e6d733", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:14:38.406Z", + "last_reviewed_by": null, + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "last_reviewed": null, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "model": "dojo.finding", + "pk": 231, + "fields": { + "title": "Test Location Mitigation - Finding F6 Mitigated", + "date": "2022-10-15", + "severity": "Info", + "description": "vulnerability", + "mitigation": "", + "impact": "", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "", + "test": 89, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": true, + "mitigated": "2022-10-15T23:17:03.431Z", + "mitigated_by": 1, + "reporter": 1, + "numerical_severity": "S4", + "last_reviewed": "2022-10-15T23:17:03.431Z", + "last_reviewed_by": 1, + "hash_code": "6eb2b8bffe1ca07719a7249ef18403057a5bc0c834866b0a49d0f706bcec913e", + "static_finding": false, + "dynamic_finding": true, + "created": "2022-10-15T23:15:34.814Z", + "reviewers": [], + "files": [], + "payload": null, + "param": null, + "found_by": [ + 1 + ], + "thread_id": 0, + "url": null, + "notes": [], + "line": null, + "cwe": null, + "file_path": "" + } + }, + { + "pk": 1, + "model": "dojo.burprawrequestresponse", + "fields": { + "finding": 7, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } + }, + { + "pk": 2, + "model": "dojo.stub_finding", + "fields": { + "description": "test stub finding", + "reporter": 1, + "title": "test stub finding 1", + "test": 3, + "date": "2017-12-20", + "severity": "High" + } + }, + { + "pk": 3, + "model": "dojo.stub_finding", + "fields": { + "description": "test stub finding", + "reporter": 1, + "title": "test stub finding 2", + "test": 14, + "date": "2017-12-20", + "severity": "High" + } + }, + { + "pk": 4, + "model": "dojo.stub_finding", + "fields": { + "description": "test stub finding", + "reporter": 1, + "title": "test stub finding 3", + "test": 13, + "date": "2017-12-20", + "severity": "High" + } + }, + { + "pk": 1, + "model": "dojo.finding_template", + "fields": { + "impact": "", + "description": "XSS test template", + "title": "XSS template", + "mitigation": "", + "references": "", + "numerical_severity": null, + "cwe": null, + "severity": "High" + } + }, + { + "pk": 2, + "model": "dojo.finding_template", + "fields": { + "impact": "", + "description": "SQLi test template", + "title": "SQLi template", + "mitigation": "", + "references": "", + "numerical_severity": null, + "cwe": null, + "severity": "High" + } + }, + { + "pk": 3, + "model": "dojo.finding_template", + "fields": { + "impact": "", + "description": "CSRF test template", + "title": "CSRF template", + "mitigation": "", + "references": "", + "numerical_severity": null, + "cwe": null, + "severity": "Medium" + } + }, + { + "pk": 2, + "model": "dojo.jira_instance", + "fields": { + "configuration_name": "Happy little JIRA 2", + "url": "https://defectdojo.atlassian.net/", + "username": "[YOUR USERNAME]", + "password": "[YOUR API TOKEN]", + "default_issue_type": "Task", + "epic_name_id": 10011, + "open_status_key": 11, + "close_status_key": 41, + "info_mapping_severity": "Lowest", + "low_mapping_severity": "Low", + "medium_mapping_severity": "Medium", + "high_mapping_severity": "High", + "critical_mapping_severity": "Highest", + "finding_text": "", + "global_jira_sla_notification": false + } + }, + { + "pk": 3, + "model": "dojo.jira_instance", + "fields": { + "configuration_name": "Happy little JIRA 3", + "username": "defect.dojo", + "default_issue_type": "Task", + "finding_text": "", + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "url": "http://www.testjira.com", + "medium_mapping_severity": "test severity", + "open_status_key": 222, + "close_status_key": 223, + "critical_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "password": "user2", + "epic_name_id": 222 + } + }, + { + "pk": 4, + "model": "dojo.jira_instance", + "fields": { + "configuration_name": "Happy little JIRA 4", + "username": "defect.dojo", + "default_issue_type": "Spike", + "finding_text": "", + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "url": "http://www.testjira.com", + "medium_mapping_severity": "test severity", + "open_status_key": 333, + "close_status_key": 334, + "critical_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "password": "user3", + "epic_name_id": 333 + } + }, + { + "pk": 2, + "model": "dojo.jira_issue", + "fields": { + "jira_key": "222", + "finding": 5, + "jira_id": "2", + "engagement": null + } + }, + { + "pk": 3, + "model": "dojo.jira_issue", + "fields": { + "jira_key": "333", + "finding": null, + "jira_id": "333", + "engagement": 1 + } + }, + { + "pk": 4, + "model": "dojo.jira_issue", + "fields": { + "jira_key": "666", + "finding": null, + "jira_id": "666", + "engagement": null + } + }, + { + "pk": 1, + "model": "dojo.jira_project", + "fields": { + "push_notes": false, + "product": 1, + "push_all_issues": false, + "component": "", + "enable_engagement_epic_mapping": true, + "jira_instance": 2, + "project_key": "NTEST" + } + }, + { + "pk": 2, + "model": "dojo.jira_project", + "fields": { + "push_notes": true, + "product": 2, + "push_all_issues": false, + "component": "", + "enable_engagement_epic_mapping": false, + "jira_instance": 2, + "project_key": "NTEST" + } + }, + { + "pk": 3, + "model": "dojo.jira_project", + "fields": { + "push_notes": true, + "engagement": 3, + "push_all_issues": false, + "component": "", + "enable_engagement_epic_mapping": true, + "jira_instance": 2, + "project_key": "NTEST" + } + }, + { + "pk": 1, + "model": "dojo.note_type", + "fields": { + "name": "Test Note Type", + "description": "not that much", + "is_single": false, + "is_active": true, + "is_mandatory": false + } + }, + { + "pk": 1, + "model": "dojo.tool_type", + "fields": { + "name": "Tool Type 1", + "description": "test type" + } + }, + { + "pk": 2, + "model": "dojo.tool_type", + "fields": { + "name": "Tool Type 2", + "description": "test type" + } + }, + { + "pk": 3, + "model": "dojo.tool_type", + "fields": { + "name": "Tool Type 3", + "description": "test type" + } + }, + { + "pk": 1, + "model": "dojo.tool_configuration", + "fields": { + "username": "user1", + "password": "user1", + "tool_type": 1, + "name": "Tool Configuration 1", + "url": "http://www.example.com", + "auth_title": "", + "authentication_type": "Password", + "ssh": "", + "api_key": "", + "description": "test configuration" + } + }, + { + "pk": 2, + "model": "dojo.tool_configuration", + "fields": { + "username": "", + "password": "", + "tool_type": 2, + "name": "Tool Configuration 2", + "url": "http://www.example.com", + "auth_title": "test key", + "authentication_type": "API", + "ssh": "", + "api_key": "test string", + "description": "test configuration" + } + }, + { + "pk": 3, + "model": "dojo.tool_configuration", + "fields": { + "username": "", + "password": "", + "tool_type": 3, + "name": "Tool Configuration 3", + "url": "http://www.example.com", + "auth_title": "test ssh", + "authentication_type": "SSH", + "ssh": "test string", + "api_key": "", + "description": "test configuration" + } + }, + { + "pk": 1, + "model": "dojo.sonarqube_issue", + "fields": { + "key": "AREwS5n5TxsDNHm31CxP", + "status": "OPEN", + "type": "VULNERABILITY" + } + }, + { + "pk": 1, + "model": "dojo.sonarqube_issue_transition", + "fields": { + "sonarqube_issue": 1, + "created": "2020-06-23T22:37:10.369Z", + "finding_status": "Active, Verified", + "sonarqube_status": "OPEN", + "transitions": "confirm" + } + }, + { + "pk": 1, + "model": "dojo.product_api_scan_configuration", + "fields": { + "product": 2, + "service_key_1": "dojo_sonar_key", + "tool_configuration": 3 + } + }, + { + "pk": 1, + "model": "dojo.tool_product_settings", + "fields": { + "product": 1, + "name": "Product Setting 1", + "tool_configuration": 1, + "url": "http://www.example.com", + "notes": [], + "tool_project_id": "1", + "description": "test product setting" + } + }, + { + "pk": 2, + "model": "dojo.tool_product_settings", + "fields": { + "product": 1, + "name": "Product Setting 2", + "tool_configuration": 2, + "url": "http://www.example.com", + "notes": [], + "tool_project_id": "2", + "description": "test product setting" + } + }, + { + "pk": 3, + "model": "dojo.tool_product_settings", + "fields": { + "product": 1, + "name": "Product Setting 3", + "tool_configuration": 3, + "url": "http://www.example.com", + "notes": [], + "tool_project_id": "3", + "description": "test product setting" + } + }, + { + "pk": 1, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Python How-to", + "url": "", + "object_id": "1", + "content": "Python How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 1 + } + }, + { + "pk": 2, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security How-to", + "url": "", + "object_id": "2", + "content": "Security How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 2 + } + }, + { + "pk": 3, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security Podcast", + "url": "", + "object_id": "3", + "content": "Security Podcast test product 0 0 0", + "content_type": 21, + "object_id_int": 3 + } + }, + { + "pk": 4, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "3", + "content": "", + "content_type": 31, + "object_id_int": 3 + } + }, + { + "pk": 5, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Jan 01, 2018)", + "url": "", + "object_id": "13", + "content": "", + "content_type": 31, + "object_id_int": 13 + } + }, + { + "pk": 6, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "14", + "content": "", + "content_type": 31, + "object_id_int": 14 + } + }, + { + "pk": 7, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "2", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 2 + } + }, + { + "pk": 8, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "3", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 3 + } + }, + { + "pk": 9, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "4", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 4 + } + }, + { + "pk": 10, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "5", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 5 + } + }, + { + "pk": 11, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "6", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 6 + } + }, + { + "pk": 23, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Python How-to", + "url": "", + "object_id": "1", + "content": "Python How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 1 + } + }, + { + "pk": 24, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security How-to", + "url": "", + "object_id": "2", + "content": "Security How-to test product 0 0 0", + "content_type": 21, + "object_id_int": 2 + } + }, + { + "pk": 25, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Security Podcast", + "url": "", + "object_id": "3", + "content": "Security Podcast test product 0 0 0", + "content_type": 21, + "object_id_int": 3 + } + }, + { + "pk": 26, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "3", + "content": "", + "content_type": 31, + "object_id_int": 3 + } + }, + { + "pk": 27, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Jan 01, 2018)", + "url": "", + "object_id": "13", + "content": "", + "content_type": 31, + "object_id_int": 13 + } + }, + { + "pk": 28, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "Web Scan (Dec 01, 2017)", + "url": "", + "object_id": "14", + "content": "", + "content_type": 31, + "object_id_int": 14 + } + }, + { + "pk": 29, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "2", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 2 + } + }, + { + "pk": 30, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "3", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 3 + } + }, + { + "pk": 31, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "4", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 4 + } + }, + { + "pk": 32, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "5", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 5 + } + }, + { + "pk": 33, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "High Impact Test Finding", + "url": "", + "object_id": "6", + "content": "High Impact Test Finding None High test finding test mitigation High S0 None None None None None 5d368a051fdec959e08315a32ef633ba5711bed6e8e75319ddee2cab4d4608c7 ", + "content_type": 33, + "object_id_int": 6 + } + }, + { + "pk": 34, + "model": "watson.searchentry", + "fields": { + "engine_slug": "default", + "meta_encoded": "{}", + "description": "", + "title": "DUMMY FINDING", + "url": "", + "object_id": "7", + "content": "DUMMY FINDING http://www.example.com High TEST finding MITIGATION High S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", + "content_type": 33, + "object_id_int": 7 + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", + "model": "authtoken.token", + "fields": { + "user": 2, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", + "model": "authtoken.token", + "fields": { + "user": 1, + "created": "2018-04-16T06:54:35.937Z" + } + }, + { + "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708", + "model": "authtoken.token", + "fields": { + "user": 3, + "created": "2018-04-16T06:54:35.940Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba34", + "model": "authtoken.token", + "fields": { + "user": 4, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba35", + "model": "authtoken.token", + "fields": { + "user": 5, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba36", + "model": "authtoken.token", + "fields": { + "user": 6, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "184770c4c3256aba904297610fbb4da3fa15ba37", + "model": "authtoken.token", + "fields": { + "user": 7, + "created": "2018-04-16T06:54:35.933Z" + } + }, + { + "pk": "1", + "model": "dojo.dojo_group", + "fields": { + "name": "Group 1 Testdata", + "description": "Testdata description" + } + }, + { + "pk": "2", + "model": "dojo.dojo_group", + "fields": { + "name": "Group 2 Testdata", + "description": "Testdata description" + } + }, + { + "pk": 1, + "model": "dojo.product_type_group", + "fields": { + "product_type": 1, + "group": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.dojo_group_member", + "fields": { + "group": 1, + "user": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.product_group", + "fields": { + "product": 1, + "group": 1, + "role": 4 + } + }, + { + "pk": 1, + "model": "dojo.global_role", + "fields": { + "user": 1, + "role": 4 + } + }, + { + "pk": 2, + "model": "dojo.global_role", + "fields": { + "user": 6, + "role": 4 + } + }, + { + "pk": 3, + "model": "dojo.global_role", + "fields": { + "user": 5, + "role": 5 + } + }, + { + "pk": 4, + "model": "dojo.global_role", + "fields": { + "user": 7, + "role": 2 + } + }, + { + "model": "dojo.language_type", + "pk": 1, + "fields": { + "language": "JSON", + "color": "#882B0F" + } + }, + { + "model": "dojo.language_type", + "pk": 2, + "fields": { + "language": "Python", + "color": "#3572A5" + } + }, + { + "model": "dojo.languages", + "pk": 1, + "fields": { + "language": 1, + "product": 1, + "user": 1, + "files": 2, + "blank": 3, + "comment": 4, + "code": 5, + "created": "2018-04-16T06:54:35.940Z" + } + }, + { + "pk": 1, + "model": "dojo.notifications", + "fields": { + "product": null, + "user": null, + "template": false, + "product_type_added": "webhooks,alert", + "product_added": "webhooks,alert", + "engagement_added": "webhooks,alert", + "test_added": "webhooks,alert", + "scan_added": "webhooks,alert", + "scan_added_empty": "webhooks", + "jira_update": "alert", + "upcoming_engagement": "alert", + "stale_engagement": "alert", + "auto_close_engagement": "alert", + "close_engagement": "alert", + "user_mentioned": "alert", + "code_review": "alert", + "review_requested": "alert", + "other": "alert", + "sla_breach": "alert", + "risk_acceptance_expiration": "alert", + "sla_breach_combined": "alert" + } + }, + { + "model": "auth.permission", + "pk": 217, + "fields": { + "name": "Can add finding_ template", + "content_type": 55, + "codename": "add_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 218, + "fields": { + "name": "Can change finding_ template", + "content_type": 55, + "codename": "change_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 219, + "fields": { + "name": "Can delete finding_ template", + "content_type": 55, + "codename": "delete_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 220, + "fields": { + "name": "Can view finding_ template", + "content_type": 55, + "codename": "view_finding_template" + } + }, + { + "model": "auth.permission", + "pk": 25, + "fields": { + "name": "Can add log entry", + "content_type": 7, + "codename": "add_logentry" + } + }, + { + "model": "auth.permission", + "pk": 26, + "fields": { + "name": "Can change log entry", + "content_type": 7, + "codename": "change_logentry" + } + }, + { + "model": "auth.permission", + "pk": 27, + "fields": { + "name": "Can delete log entry", + "content_type": 7, + "codename": "delete_logentry" + } + }, + { + "model": "auth.permission", + "pk": 28, + "fields": { + "name": "Can view log entry", + "content_type": 7, + "codename": "view_logentry" + } + }, + { + "model": "dojo.cred_user", + "pk": 1, + "fields": { + "name": "Cred Product", + "username": "admin", + "password": "AES.1:2f3cb6d1d412a0552a46b67d972d14f5:6617146b4d29492551dfc62e4a697aca", + "role": "admin", + "authentication": "Form", + "http_authentication": "Basic", + "description": "test", + "url": "https://google.com", + "environment": 1, + "login_regex": null, + "logout_regex": null, + "is_valid": true, + "notes": [] + } + }, + { + "model": "dojo.cred_mapping", + "pk": 1, + "fields": { + "cred_id": 1, + "product": 1, + "finding": null, + "engagement": null, + "test": null, + "is_authn_provider": false, + "url": "https://google.com" + } + }, + { + "model": "dojo.announcement", + "pk": 1, + "fields": { + "message": "test message", + "dismissable": true, + "style": "danger" + } + }, + { + "model": "dojo.notification_webhooks", + "pk": 1, + "fields": { + "name": "My webhook endpoint", + "url": "http://webhook.endpoint:8080/post", + "header_name": "Auth", + "header_value": "Token xxx", + "status": "active", + "first_error": null, + "last_error": null, + "note": null, + "owner": null + } + }, + { + "model": "dojo.notification_webhooks", + "pk": 2, + "fields": { + "name": "My personal webhook endpoint", + "url": "http://webhook.endpoint:8080/post", + "header_name": "Auth", + "header_value": "Token secret", + "status": "active", + "first_error": null, + "last_error": null, + "note": null, + "owner": 6 + } + }, + { + "model": "dojo.test_type", + "pk": 1000, + "fields": { + "name": "SonarQube Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } + }, + { + "model": "dojo.test", + "pk": 90, + "fields": { + "engagement": 5, + "lead": [ + "admin" + ], + "test_type": 1000, + "scan_type": "SonarQube Scan detailed", + "title": null, + "description": null, + "target_start": "2025-10-22T08:29:41.333Z", + "target_end": "2025-10-22T08:29:41.333Z", + "percent_complete": 100, + "environment": 1, + "updated": "2025-10-22T08:29:41.590Z", + "created": "2025-10-22T08:29:41.343Z", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "", + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.finding", + "pk": 232, + "fields": { + "title": "Disabling CSRF Protections Is Security-Sensitive", + "date": "2025-10-22", + "sla_start_date": null, + "sla_expiration_date": "2025-11-21", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "High", + "description": "A cross-site request forgery (CSRF) attack occurs when a trusted user of a web application can be forced, by an attacker, to perform sensitive\nactions that he didn’t intend, such as updating his profile or sending a message, more generally anything that can change the state of the\napplication.\nThe attacker can trick the user/victim to click on a link, corresponding to the privileged action, or to visit a malicious web site that embeds a\nhidden web request and as web browsers automatically include cookies, the actions can be authenticated and sensitive.\n**Ask Yourself Whether**\n\n The web application uses cookies to authenticate users. \n There exist sensitive operations in the web application that can be performed when the user is authenticated. \n The state / resources of the web application can be modified by doing HTTP POST or HTTP DELETE requests for example. \n\nThere is a risk if you answered yes to any of those questions.\n**Recommended Secure Coding Practices**\n\n Protection against CSRF attacks is strongly recommended:\n \n to be activated by default for all unsafe HTTP\n methods. \n implemented, for example, with an unguessable CSRF token \n \n Of course all sensitive operations should not be performed with safe HTTP methods like GET which are designed to be\n used only for information retrieval. \n\n**Sensitive Code Example**\nFor a Django application, the code is sensitive when,\n\n django.middleware.csrf.CsrfViewMiddleware is not used in the Django settings: \n\n\nMIDDLEWARE = [\n 'django.middleware.security.SecurityMiddleware',\n 'django.contrib.sessions.middleware.SessionMiddleware',\n 'django.middleware.common.CommonMiddleware',\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n 'django.contrib.messages.middleware.MessageMiddleware',\n 'django.middleware.clickjacking.XFrameOptionsMiddleware',\n] # Sensitive: django.middleware.csrf.CsrfViewMiddleware is missing\n\n\n the CSRF protection is disabled on a view: \n\n\n@csrf_exempt # Sensitive\ndef example(request):\n return HttpResponse(\"default\")\n\nFor a Flask application, the code is sensitive when,\n\n the WTF_CSRF_ENABLED setting is set to false: \n\n\napp = Flask(__name__)\napp.config['WTF_CSRF_ENABLED'] = False # Sensitive\n\n\n the application doesn’t use the CSRFProtect module: \n\n\napp = Flask(__name__) # Sensitive: CSRFProtect is missing\n\n@app.route('/')\ndef hello_world():\n return 'Hello, World!'\n\n\n the CSRF protection is disabled on a view: \n\n\napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app)\n\n@app.route('/example/', methods=['POST'])\n@csrf.exempt # Sensitive\ndef example():\n return 'example '\n\n\n the CSRF protection is disabled on a form: \n\n\nclass unprotectedForm(FlaskForm):\n class Meta:\n csrf = False # Sensitive\n\n name = TextField('name')\n submit = SubmitField('submit')\n\n**Compliant Solution**\nFor a Django application,\n\n it is recommended to protect all the views with django.middleware.csrf.CsrfViewMiddleware: \n\n\nMIDDLEWARE = [\n 'django.middleware.security.SecurityMiddleware',\n 'django.contrib.sessions.middleware.SessionMiddleware',\n 'django.middleware.common.CommonMiddleware',\n 'django.middleware.csrf.CsrfViewMiddleware', # Compliant\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n 'django.contrib.messages.middleware.MessageMiddleware',\n 'django.middleware.clickjacking.XFrameOptionsMiddleware',\n]\n\n\n and to not disable the CSRF protection on specific views: \n\n\ndef example(request): # Compliant\n return HttpResponse(\"default\")\n\nFor a Flask application,\n\n the CSRFProtect module should be used (and not disabled further with WTF_CSRF_ENABLED set to false):\n \n\n\napp = Flask(__name__)\ncsrf = CSRFProtect()\ncsrf.init_app(app) # Compliant\n\n\n and it is recommended to not disable the CSRF protection on specific views or forms: \n\n\n@app.route('/example/', methods=['POST']) # Compliant\ndef example():\n return 'example '\n\nclass unprotectedForm(FlaskForm):\n class Meta:\n csrf = True # Compliant\n\n name = TextField('name')\n submit = SubmitField('submit')", + "mitigation": "Make sure disabling CSRF protection is safe here.", + "fix_available": null, + "impact": "No impact provided", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "python:S4502\nunsafe HTTP\n methods\nsafe HTTP\nDjango\nDjango settings\nFlask\nDjango\nFlask\nOWASP Top 10 2021 Category A1\nMITRE, CWE-352\nOWASP Top 10 2017 Category A6\nOWASP: Cross-Site Request Forgery\nSANS Top 25", + "test": 90, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-10-22T08:29:41.361Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2025-10-22T08:29:41.336Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ed09b1b5980bd7b9d67b58ba3a3200b788b567a8b3359b5b66d861112b025b9e", + "line": 8, + "file_path": "vulnerable-flask-app.py", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2025-10-22T08:29:41.361Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": "AYvNd32RyD1npIoQXyT1", + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1000 + ], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.test_import", + "pk": 6829, + "fields": { + "created": "2025-10-22T08:29:41.453Z", + "modified": "2025-10-22T08:29:41.453Z", + "test": 90, + "import_settings": { + "tags": [], + "active": true, + "verified": true, + "push_to_jira": false, + "minimum_severity": "Info", + "close_old_findings": false + }, + "type": "import", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "" + } + }, + { + "model": "dojo.test_import_finding_action", + "pk": 80213, + "fields": { + "created": "2025-10-22T08:29:41.458Z", + "modified": "2025-10-22T08:29:41.458Z", + "test_import": 6829, + "finding": 232, + "action": "N" + } + }, + { + "model": "dojo.test_type", + "pk": 1001, + "fields": { + "name": "HackerOne Cases", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } + }, + { + "model": "dojo.test", + "pk": 91, + "fields": { + "engagement": 5, + "lead": [ + "admin" + ], + "test_type": 1001, + "scan_type": "HackerOne Cases", + "title": null, + "description": null, + "target_start": "2025-10-22T08:52:53.734Z", + "target_end": "2025-10-22T08:52:53.734Z", + "percent_complete": 100, + "environment": 1, + "updated": "2025-10-22T08:52:53.859Z", + "created": "2025-10-22T08:52:53.737Z", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "", + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.finding", + "pk": 233, + "fields": { + "title": "Sensitive Account Balance Information Exposure via Example's DaviPlata Payment Link Integration", + "date": "2025-10-22", + "sla_start_date": null, + "sla_expiration_date": "2026-01-20", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "known_exploited": false, + "ransomware_used": false, + "kev_date": null, + "cvssv3": null, + "cvssv3_score": null, + "cvssv4": null, + "cvssv4_score": null, + "url": null, + "severity": "Medium", + "description": "**ID**: 2501687\n**Weakness Category**: Information Disclosure\n**Substate**: triaged\n**Reporter**: reporter\n**Assigned To**: Group example.co Team\n**Public**: no\n**Awarded On**: 2024-08-28 19:40:24 UTC\n**Bounty Price**: 400.0\n**First Response On**: 2024-05-14 22:14:16 UTC\n**Structured Scope**: 1489537348\n", + "mitigation": null, + "fix_available": null, + "impact": null, + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 91, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-10-22T08:52:53.755Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2025-10-22T08:52:53.735Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684facb6f2fd8faa50a28637d4f7fc1ba9ad3d3a932d39960e99e3c10aec3495", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2025-10-22T08:52:53.755Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1001 + ], + "tags": [], + "inherited_tags": [] + } + }, + { + "model": "dojo.test_import", + "pk": 6830, + "fields": { + "created": "2025-10-22T08:52:53.797Z", + "modified": "2025-10-22T08:52:53.797Z", + "test": 91, + "import_settings": { + "tags": [], + "active": true, + "verified": true, + "push_to_jira": false, + "minimum_severity": "Info", + "close_old_findings": false + }, + "type": "import", + "version": "", + "build_id": "", + "commit_hash": "", + "branch_tag": "" + } + }, + { + "model": "dojo.test_import_finding_action", + "pk": 80214, + "fields": { + "created": "2025-10-22T08:52:53.798Z", + "modified": "2025-10-22T08:52:53.798Z", + "test_import": 6830, + "finding": 233, + "action": "N" + } + } +] \ No newline at end of file diff --git a/dojo/forms.py b/dojo/forms.py index 0e32fcb0b15..f731a32671e 100644 --- a/dojo/forms.py +++ b/dojo/forms.py @@ -38,6 +38,8 @@ from dojo.finding.queries import get_authorized_findings from dojo.group.queries import get_authorized_groups, get_group_member_roles from dojo.labels import get_labels +from dojo.location.models import Location +from dojo.location.utils import validate_locations_to_add from dojo.models import ( EFFORT_FOR_FIXING_CHOICES, SEVERITY_CHOICES, @@ -521,10 +523,10 @@ class Meta: class DojoMetaDataForm(forms.ModelForm): - value = forms.CharField(widget=forms.Textarea(attrs={}), - required=True) - def full_clean(self): + # inject all fk_map values + for field, value in self.fk_map.items(): + setattr(self.instance, field, value) super().full_clean() try: self.instance.validate_unique() @@ -532,11 +534,23 @@ def full_clean(self): msg = "A metadata entry with the same name exists already for this object." self.add_error("name", msg) + def __init__(self, *args, **kwargs): + self.fk_map = kwargs.pop("fk_map", {}) + super().__init__(*args, **kwargs) + class Meta: model = DojoMeta fields = "__all__" +DojoMetaFormSet = modelformset_factory( + DojoMeta, + form=DojoMetaDataForm, + extra=1, + can_delete=True, +) + + class ImportScanForm(forms.Form): active_verified_choices = [("not_specified", "Not specified (default)"), ("force_to_true", "Force to True"), @@ -561,11 +575,11 @@ class ImportScanForm(forms.Form): scan_type = forms.ChoiceField(required=True, choices=get_choices_sorted) environment = forms.ModelChoiceField( queryset=Development_Environment.objects.all().order_by("name")) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects, required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects, required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", - help_text="The IP address, host name or full URL. You may enter one endpoint per line. " - "Each must be valid.", - widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) + help_text="The IP address, host name or full URL. You may enter one endpoint per line. " + "Each must be valid.", + widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) version = forms.CharField(max_length=100, required=False, help_text="Version that was scanned.") branch_tag = forms.CharField(max_length=100, required=False, help_text="Branch or Tag that was scanned.") commit_hash = forms.CharField(max_length=100, required=False, help_text="Commit that was scanned.") @@ -627,6 +641,9 @@ def __init__(self, *args, **kwargs): self.fields["environment"].initial = environment if endpoints: self.fields["endpoints"].queryset = endpoints + elif not settings.V3_FEATURE_LOCATIONS: + # TODO: Delete this after the move to Locations + self.fields["endpoints"].queryset = Endpoint.objects if api_scan_configuration: self.fields["api_scan_configuration"].queryset = api_scan_configuration # couldn't find a cleaner way to add empty default @@ -654,7 +671,12 @@ def clean(self): msg = f"API scan configuration must be of tool type {tool_type}" raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if errors: raise forms.ValidationError(errors) self.endpoints_to_add_list = endpoints_to_add_list @@ -696,7 +718,7 @@ class ReImportScanForm(forms.Form): help_do_not_reactivate = "Select if the import should ignore active findings from the report, useful for triage-less scanners. Will keep existing findings closed, without reactivating them. For more information check the docs." do_not_reactivate = forms.BooleanField(help_text=help_do_not_reactivate, required=False) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects, required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects, required=False, label="Systems / Endpoints") tags = TagField(required=False, help_text="Modify existing tags that help describe this scan. " "Choose from the list or add new tags. Press Enter key to add.") file = forms.FileField( @@ -745,6 +767,9 @@ def __init__(self, *args, test=None, **kwargs): self.fields["tags"].initial = test.tags.all() if endpoints: self.fields["endpoints"].queryset = endpoints + elif not settings.V3_FEATURE_LOCATIONS: + # TODO: Delete this after the move to Locations + self.fields["endpoints"].queryset = Endpoint.objects if api_scan_configuration: self.initial["api_scan_configuration"] = api_scan_configuration if api_scan_configuration_queryset: @@ -1216,7 +1241,7 @@ class AddFindingForm(forms.ModelForm): impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) response = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects.none(), required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", help_text="The IP address, host name or full URL. You may enter one endpoint per line. " "Each must be valid.", @@ -1245,8 +1270,13 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - if product: + if settings.V3_FEATURE_LOCATIONS and product: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=product) + # TODO: Delete this after the move to Locations + elif product: self.fields["endpoints"].queryset = Endpoint.objects.filter(product=product) + else: + self.fields["endpoints"].queryset = Endpoint.objects.none() if req_resp: self.fields["request"].initial = req_resp[0] @@ -1269,7 +1299,12 @@ def clean(self): msg = "Active findings cannot be risk accepted." raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if errors: raise forms.ValidationError(errors) self.endpoints_to_add_list = endpoints_to_add_list @@ -1313,11 +1348,12 @@ class AdHocFindingForm(forms.ModelForm): impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) response = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(queryset=Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(queryset=Location.objects.all(), required=False, + label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", - help_text="The IP address, host name or full URL. You may enter one endpoint per line. " - "Each must be valid.", - widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) + help_text="The IP address, host name or full URL. You may enter one endpoint per line. " + "Each must be valid.", + widget=forms.widgets.Textarea(attrs={"rows": "3", "cols": "400"})) references = forms.CharField(widget=forms.Textarea, required=False) publish_date = forms.DateField(widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}), required=False) planned_remediation_date = forms.DateField(widget=forms.TextInput(attrs={"class": "datepicker", "autocomplete": "off"}), required=False) @@ -1342,8 +1378,13 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - if product: + if settings.V3_FEATURE_LOCATIONS and product: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=product) + # TODO: Delete this after the move to Locations + elif product: self.fields["endpoints"].queryset = Endpoint.objects.filter(product=product) + else: + self.fields["endpoints"].queryset = Endpoint.objects.none() if req_resp: self.fields["request"].initial = req_resp[0] @@ -1363,10 +1404,16 @@ def clean(self): msg = "False positive findings cannot be verified." raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + + self.endpoints_to_add_list = endpoints_to_add_list + if errors: raise forms.ValidationError(errors) - self.endpoints_to_add_list = endpoints_to_add_list return cleaned_data @@ -1406,7 +1453,7 @@ class PromoteFindingForm(forms.ModelForm): "invalid_choice": "Select valid choice: Critical,High,Medium,Low"}) mitigation = forms.CharField(widget=forms.Textarea, required=False) impact = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(Location.objects.none(), required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", help_text="The IP address, host name or full URL. You may enter one endpoint per line. " "Each must be valid.", @@ -1426,8 +1473,13 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - if product: + if settings.V3_FEATURE_LOCATIONS and product: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=product) + # TODO: Delete this after the move to Locations + elif product: self.fields["endpoints"].queryset = Endpoint.objects.filter(product=product) + else: + self.fields["endpoints"].queryset = Endpoint.objects.none() self.endpoints_to_add_list = [] @@ -1437,7 +1489,12 @@ def __init__(self, *args, **kwargs): def clean(self): cleaned_data = super().clean() - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if errors: raise forms.ValidationError(errors) self.endpoints_to_add_list = endpoints_to_add_list @@ -1483,7 +1540,7 @@ class FindingForm(forms.ModelForm): impact = forms.CharField(widget=forms.Textarea, required=False) request = forms.CharField(widget=forms.Textarea, required=False) response = forms.CharField(widget=forms.Textarea, required=False) - endpoints = forms.ModelMultipleChoiceField(queryset=Endpoint.objects.none(), required=False, label="Systems / Endpoints") + endpoints = forms.ModelMultipleChoiceField(queryset=Location.objects.none(), required=False, label="Systems / Endpoints") endpoints_to_add = forms.CharField(max_length=5000, required=False, label="Endpoints to add", help_text="The IP address, host name or full URL. You may enter one endpoint per line. " "Each must be valid.", @@ -1518,7 +1575,14 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.fields["endpoints"].queryset = Endpoint.objects.filter(product=self.instance.test.engagement.product) + if settings.V3_FEATURE_LOCATIONS: + self.fields["endpoints"].queryset = Location.objects.filter(products__product=self.instance.test.engagement.product) + if self.instance and self.instance.pk: + self.fields["endpoints"].initial = Location.objects.filter(findings__finding=self.instance) + else: + # TODO: Delete this after the move to Locations + self.fields["endpoints"].queryset = Endpoint.objects.filter(product=self.instance.test.engagement.product) + self.fields["mitigated_by"].queryset = get_authorized_users(Permissions.Finding_Edit) # do not show checkbox if finding is not accepted and simple risk acceptance is disabled @@ -1576,10 +1640,16 @@ def clean(self): msg = "Active findings cannot be risk accepted." raise forms.ValidationError(msg) - endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + if settings.V3_FEATURE_LOCATIONS: + endpoints_to_add_list, errors = validate_locations_to_add(cleaned_data["endpoints_to_add"]) + else: + # TODO: Delete this after the move to Locations + endpoints_to_add_list, errors = validate_endpoints_to_add(cleaned_data["endpoints_to_add"]) + + self.endpoints_to_add_list = endpoints_to_add_list + if errors: raise forms.ValidationError(errors) - self.endpoints_to_add_list = endpoints_to_add_list return cleaned_data @@ -1601,7 +1671,8 @@ def _post_clean(self): class Meta: model = Finding exclude = ("reporter", "url", "numerical_severity", "under_review", "reviewers", "cve", "inherited_tags", - "review_requested_by", "is_mitigated", "jira_creation", "jira_change", "sonarqube_issue", "endpoint_status") + "review_requested_by", "is_mitigated", "jira_creation", "jira_change", "sonarqube_issue", + "endpoints", "endpoint_status") class StubFindingForm(forms.ModelForm): @@ -1946,7 +2017,7 @@ def __init__(self, *args, **kwargs): product = kwargs.pop("product") super().__init__(*args, **kwargs) self.fields["product"] = forms.ModelChoiceField( - queryset=get_authorized_products(Permissions.Endpoint_Add), + queryset=get_authorized_products(Permissions.Location_Add), label=labels.ASSET_LABEL, help_text=labels.ASSET_ENDPOINT_HELP) if product is not None: diff --git a/dojo/group/queries.py b/dojo/group/queries.py index dedb0d35e14..deee04a346a 100644 --- a/dojo/group/queries.py +++ b/dojo/group/queries.py @@ -1,11 +1,14 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef +from django.db.models import Subquery from dojo.authorization.authorization import get_roles_for_permission from dojo.authorization.roles_permissions import Permissions from dojo.models import Dojo_Group, Dojo_Group_Member, Product_Group, Product_Type_Group, Role +from dojo.request_cache import cache_for_request +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_groups(permission): user = get_current_user() @@ -16,11 +19,16 @@ def get_authorized_groups(permission): return Dojo_Group.objects.all().order_by("name") roles = get_roles_for_permission(permission) - authorized_roles = Dojo_Group_Member.objects.filter(group=OuterRef("pk"), - user=user, - role__in=roles) - groups = Dojo_Group.objects.annotate(user=Exists(authorized_roles)).order_by("name") - return groups.filter(user=True) + + # Get authorized group IDs via subquery + authorized_roles = Dojo_Group_Member.objects.filter( + user=user, role__in=roles, + ).values("group_id") + + # Filter using IN with Subquery - no annotations needed + return Dojo_Group.objects.filter( + pk__in=Subquery(authorized_roles), + ).order_by("name") def get_authorized_group_members(permission): diff --git a/dojo/importers/base_importer.py b/dojo/importers/base_importer.py index f4eeb3e8f15..3e00a216cbd 100644 --- a/dojo/importers/base_importer.py +++ b/dojo/importers/base_importer.py @@ -13,9 +13,12 @@ from django.utils.timezone import make_aware import dojo.finding.helper as finding_helper +import dojo.risk_acceptance.helper as ra_helper from dojo import utils from dojo.importers.endpoint_manager import EndpointManager +from dojo.importers.location_manager import LocationManager from dojo.importers.options import ImporterOptions +from dojo.location.models import AbstractLocation, Location from dojo.models import ( # Import History States IMPORT_CLOSED_FINDING, @@ -79,7 +82,11 @@ def __init__( and will raise a `NotImplemented` exception """ ImporterOptions.__init__(self, *args, **kwargs) - self.endpoint_manager = EndpointManager() + if settings.V3_FEATURE_LOCATIONS: + self.location_manager = LocationManager() + else: + # TODO: Delete this after the move to Locations + self.endpoint_manager = EndpointManager() def check_child_implementation_exception(self): """ @@ -114,7 +121,7 @@ def process_findings( """ Make the conversion from unsaved Findings in memory to Findings that are saved in the database with and ID associated with them. This processor will also save any associated - objects such as endpoints, vulnerability IDs, and request/response pairs + objects such as locations, vulnerability IDs, and request/response pairs """ self.check_child_implementation_exception() @@ -410,8 +417,24 @@ def apply_import_tags( for tag in self.tags: self.add_tags_safe(finding, tag) + if settings.V3_FEATURE_LOCATIONS: + # Add any tags to any locations of the findings imported if necessary + if self.apply_tags_to_endpoints and self.tags: + # Collect all endpoints linked to the affected findings + locations_qs = Location.objects.filter(findings__finding__in=findings_to_tag).distinct() + try: + bulk_add_tags_to_instances( + tag_or_tags=self.tags, + instances=locations_qs, + tag_field_name="tags", + ) + except IntegrityError: + for finding in findings_to_tag: + for location in finding.locations.all(): + for tag in self.tags: + self.add_tags_safe(location.location, tag) # Add any tags to any endpoints of the findings imported if necessary - if self.apply_tags_to_endpoints and self.tags: + elif self.apply_tags_to_endpoints and self.tags: endpoints_qs = Endpoint.objects.filter(finding__in=findings_to_tag).distinct() try: bulk_add_tags_to_instances( @@ -462,8 +485,13 @@ def update_import_history( import_settings["close_old_findings"] = self.close_old_findings_toggle import_settings["push_to_jira"] = self.push_to_jira import_settings["tags"] = self.tags + if settings.V3_FEATURE_LOCATIONS: + # Add the list of locations that were added exclusively at import time + if len(self.endpoints_to_add) > 0: + import_settings["locations"] = [str(location) for location in self.endpoints_to_add] + # TODO: Delete this after the move to Locations # Add the list of endpoints that were added exclusively at import time - if len(self.endpoints_to_add) > 0: + elif len(self.endpoints_to_add) > 0: import_settings["endpoints"] = [str(endpoint) for endpoint in self.endpoints_to_add] # Create the test import object test_import = Test_Import.objects.create( @@ -538,19 +566,25 @@ def create_import_history_record_safe( def add_tags_safe( self, - finding_or_endpoint, + finding_or_location: Finding | Location | Endpoint, tag, ): - """Adds tags to a finding or endpoint, while catching any IntegrityErrors that might happen because of the background job having deleted a finding""" - if not isinstance(finding_or_endpoint, Finding) and not isinstance(finding_or_endpoint, Endpoint): - msg = "finding_or_endpoint must be a Finding or Endpoint object" + """Adds tags to a finding, location, or endpoint, while catching any IntegrityErrors that might happen because of the background job having deleted a finding""" + if isinstance(finding_or_location, Finding): + msg = "finding" + elif isinstance(finding_or_location, Location): + msg = "location" + # TODO: Delete this after the move to Locations + elif isinstance(finding_or_location, Endpoint): + msg = "endpoint" + else: + msg = f"finding_or_location must be a Finding, Location or Endpoint object not {type(finding_or_location)}" raise TypeError(msg) - msg = "finding" if isinstance(finding_or_endpoint, Finding) else "endpoint" if isinstance(finding_or_endpoint, Endpoint) else "unknown" - logger.debug(f" adding tag: {tag} to " + msg + f"{finding_or_endpoint.id}") + logger.debug(f"adding tag: {tag} to " + msg + f"{finding_or_location.id}") try: - finding_or_endpoint.tags.add(tag) + finding_or_location.tags.add(tag) except IntegrityError as e: # This try catch makes us look we don't know what we're doing, but in https://github.com/DefectDojo/django-DefectDojo/issues/6217 we decided that for now this is the best solution logger.warning("Error adding tag: %s", e) @@ -604,8 +638,8 @@ def update_test_progress( ): """ This function is added to the async queue at the end of all finding import tasks - and after endpoint task, so this should only run after all the other ones are done. - It's purpose is to update the percent completion of the test to 100 percent + and after location task, so this should only run after all the other ones are done. + Its purpose is to update the percent completion of the test to 100 percent """ self.test.percent_complete = percentage_value self.test.save() @@ -668,7 +702,7 @@ def maybe_launch_post_processing_chord( product = self.test.engagement.product system_settings = System_Settings.objects.get() if system_settings.enable_product_grade: - calculate_grade_signature = utils.calculate_grade_signature(product) + calculate_grade_signature = utils.calculate_grade.si(product.id) chord(post_processing_task_signatures)(calculate_grade_signature) else: group(post_processing_task_signatures).apply_async() @@ -818,6 +852,26 @@ def process_request_response_pairs( burp_rr.clean() burp_rr.save() + def process_locations( + self, + finding: Finding, + locations_to_add: list[AbstractLocation], + ) -> None: + """ + Process any locations to add to the finding. Locations could come from two places + - Directly from the report + - Supplied by the user from the import form + These locations will be processed in to Location objects and associated with the + finding and product + """ + # Save the unsaved locations + self.location_manager.chunk_locations_and_disperse(finding, finding.unsaved_locations) + # Check for any that were added in the form + if len(locations_to_add) > 0: + logger.debug("locations_to_add: %s", locations_to_add) + self.location_manager.chunk_locations_and_disperse(finding, locations_to_add) + + # TODO: Delete this after the move to Locations def process_endpoints( self, finding: Finding, @@ -830,6 +884,10 @@ def process_endpoints( These endpoints will be processed in to endpoints objects and associated with the finding and and product """ + if settings.V3_FEATURE_LOCATIONS: + msg = "BaseImporter#process_endpoints() method is deprecated when V3_FEATURE_LOCATIONS is enabled" + raise NotImplementedError(msg) + # Save the unsaved endpoints self.endpoint_manager.chunk_endpoints_and_disperse(finding, finding.unsaved_endpoints) # Check for any that were added in the form @@ -911,7 +969,7 @@ def mitigate_finding( product_grading_option: bool = True, ) -> None: """ - Mitigates a finding, all endpoint statuses, leaves a note on the finding + Mitigates a finding, all location statuses, leaves a note on the finding with a record of what happened, and then saves the finding. Changes to this finding will also be synced with some ticket tracking system as well as groups @@ -925,8 +983,16 @@ def mitigate_finding( author=self.user, entry=note_message, ) - # Mitigate the endpoint statuses - self.endpoint_manager.mitigate_endpoint_status(finding.status_finding.all(), self.user, kwuser=self.user, sync=True) + # Remove risk acceptance if present (vulnerability is now fixed) + # risk_unaccept will check if finding.risk_accepted is True before proceeding + ra_helper.risk_unaccept(self.user, finding, perform_save=False, post_comments=False) + if settings.V3_FEATURE_LOCATIONS: + # Mitigate the location statuses + self.location_manager.mitigate_location_status(finding.locations.all(), self.user, kwuser=self.user, sync=True) + else: + # TODO: Delete this after the move to Locations + # Mitigate the endpoint statuses + self.endpoint_manager.mitigate_endpoint_status(finding.status_finding.all(), self.user, kwuser=self.user, sync=True) # to avoid pushing a finding group multiple times, we push those outside of the loop if finding_groups_enabled and finding.finding_group: # don't try to dedupe findings that we are closing diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py index 466c45c221c..6fc2beff074 100644 --- a/dojo/importers/default_importer.py +++ b/dojo/importers/default_importer.py @@ -7,7 +7,6 @@ from django.urls import reverse import dojo.jira_link.helper as jira_helper -from dojo.decorators import we_want_async from dojo.finding import helper as finding_helper from dojo.importers.base_importer import BaseImporter, Parser from dojo.importers.options import ImporterOptions @@ -129,7 +128,7 @@ def process_scan( new_findings=new_findings, closed_findings=closed_findings, ) - # Apply tags to findings and endpoints + # Apply tags to findings and endpoints/locations self.apply_import_tags( new_findings=new_findings, closed_findings=closed_findings, @@ -169,7 +168,7 @@ def process_findings( """ Saves findings in memory that were parsed from the scan report into the database. - This process involves first saving associated objects such as endpoints, files, + This process involves first saving associated objects such as locations, files, vulnerability IDs, and request response pairs. Once all that has been completed, the finding may be appended to a new or existing group based upon user selection at import time @@ -221,10 +220,10 @@ def process_findings( unsaved_finding.unsaved_tags = merged_tags unsaved_finding.tags = None finding = self.process_cve(unsaved_finding) - # Calculate hash_code before saving based on unsaved_endpoints and unsaved_vulnerability_ids + # Calculate hash_code before saving based on unsaved_endpoints/unsaved_locations and unsaved_vulnerability_ids finding.set_hash_code(True) - # postprocessing will be done after processing related fields like endpoints, vulnerability ids, etc. + # postprocessing will be done after processing related fields like locations, vulnerability ids, etc. unsaved_finding.save_no_options() # Determine how the finding should be grouped @@ -234,8 +233,13 @@ def process_findings( ) # Process any request/response pairs self.process_request_response_pairs(finding) - # Process any endpoints on the endpoint, or added on the form - self.process_endpoints(finding, self.endpoints_to_add) + if settings.V3_FEATURE_LOCATIONS: + # Process any locations on the finding, or added on the form + self.process_locations(finding, self.endpoints_to_add) + else: + # TODO: Delete this after the move to Locations + # Process any endpoints on the finding, or added on the form + self.process_endpoints(finding, self.endpoints_to_add) # Parsers must use unsaved_tags to store tags, so we can clean them cleaned_tags = clean_tags(finding.unsaved_tags) if isinstance(cleaned_tags, list): @@ -261,27 +265,14 @@ def process_findings( batch_finding_ids.clear() logger.debug("process_findings: dispatching batch with push_to_jira=%s (batch_size=%d, is_final=%s)", push_to_jira, len(finding_ids_batch), is_final_finding) - if we_want_async(async_user=self.user): - signature = finding_helper.post_process_findings_batch_signature( - finding_ids_batch, - dedupe_option=True, - rules_option=True, - product_grading_option=True, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) - logger.debug("process_findings: signature created with push_to_jira=%s, signature.kwargs=%s", - push_to_jira, signature.kwargs) - signature() - else: - finding_helper.post_process_findings_batch( - finding_ids_batch, - dedupe_option=True, - rules_option=True, - product_grading_option=True, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + ) # No chord: tasks are dispatched immediately above per batch @@ -319,7 +310,7 @@ def close_old_findings( """ Closes old findings based on a hash code match at either the product or the engagement scope. Closing an old finding entails setting the - finding to mitigated status, setting all endpoint statuses to mitigated, + finding to mitigated status, setting all location statuses to mitigated, as well as leaving a not on the finding indicating that it was mitigated because the vulnerability is no longer present in the submitted scan report. """ @@ -342,9 +333,11 @@ def close_old_findings( new_unique_ids_from_tool.append(unique_id_from_tool) # Get the initial filtered list of old findings to be closed without # considering the scope of the product or engagement + # Include both active findings and risk-accepted findings (which have active=False) + # Risk-accepted findings should be closed if the vulnerability is actually fixed old_findings = Finding.objects.filter( + Q(active=True) | Q(risk_accepted=True), test__test_type=self.test.test_type, - active=True, ).exclude(test=self.test) # Filter further based on the deduplication algorithm set on the test self.deduplication_algorithm = self.determine_deduplication_algorithm() @@ -374,7 +367,7 @@ def close_old_findings( old_findings = old_findings.filter(service=self.service) else: old_findings = old_findings.filter(Q(service__isnull=True) | Q(service__exact="")) - # Update the status of the findings and any endpoints + # Update the status of the findings and any locations for old_finding in old_findings: url = str(get_full_url(reverse("view_test", args=(self.test.id,)))) test_title = str(self.test.title) diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py index cf03fca6fdf..863a2cf0212 100644 --- a/dojo/importers/default_reimporter.py +++ b/dojo/importers/default_reimporter.py @@ -7,7 +7,6 @@ import dojo.finding.helper as finding_helper import dojo.jira_link.helper as jira_helper -from dojo.decorators import we_want_async from dojo.finding.deduplication import ( find_candidates_for_deduplication_hash, find_candidates_for_deduplication_uid_or_hash, @@ -16,6 +15,7 @@ ) from dojo.importers.base_importer import BaseImporter, Parser from dojo.importers.options import ImporterOptions +from dojo.location.status import FindingLocationStatus from dojo.models import ( Development_Environment, Finding, @@ -260,7 +260,7 @@ def process_findings( ) -> tuple[list[Finding], list[Finding], list[Finding], list[Finding]]: """ Saves findings in memory that were parsed from the scan report into the database. - This process involves first saving associated objects such as endpoints, files, + This process involves first saving associated objects such as endpoints/locations, files, vulnerability IDs, and request response pairs. Once all that has been completed, the finding may be appended to a new or existing group based upon user selection at import time @@ -329,8 +329,13 @@ def process_findings( # Set the service supplied at import time if self.service is not None: unsaved_finding.service = self.service - # Clean any endpoints that are on the finding - self.endpoint_manager.clean_unsaved_endpoints(unsaved_finding.unsaved_endpoints) + if settings.V3_FEATURE_LOCATIONS: + # Clean any locations that are on the finding + self.location_manager.clean_unsaved_locations(unsaved_finding.unsaved_locations) + else: + # TODO: Delete this after the move to Locations + # Clean any endpoints that are on the finding + self.endpoint_manager.clean_unsaved_endpoints(unsaved_finding.unsaved_endpoints) # Calculate the hash code to be used to identify duplicates unsaved_finding.hash_code = self.calculate_unsaved_finding_hash_code(unsaved_finding) deduplicationLogger.debug(f"unsaved finding's hash_code: {unsaved_finding.hash_code}") @@ -366,15 +371,27 @@ def process_findings( continue # Update endpoints on the existing finding with those on the new finding if finding.dynamic_finding: - logger.debug( - "Re-import found an existing dynamic finding for this new " - "finding. Checking the status of endpoints", - ) - self.endpoint_manager.update_endpoint_status( - existing_finding, - unsaved_finding, - self.user, - ) + if settings.V3_FEATURE_LOCATIONS: + logger.debug( + "Re-import found an existing dynamic finding for this new " + "finding. Checking the status of locations", + ) + self.location_manager.update_location_status( + existing_finding, + unsaved_finding, + self.user, + ) + else: + # TODO: Delete this after the move to Locations + logger.debug( + "Re-import found an existing dynamic finding for this new " + "finding. Checking the status of endpoints", + ) + self.endpoint_manager.update_endpoint_status( + existing_finding, + unsaved_finding, + self.user, + ) else: finding, finding_will_be_grouped = self.process_finding_that_was_not_matched(unsaved_finding) @@ -415,24 +432,14 @@ def process_findings( if len(batch_finding_ids) >= dedupe_batch_max_size or is_final: finding_ids_batch = list(batch_finding_ids) batch_finding_ids.clear() - if we_want_async(async_user=self.user): - finding_helper.post_process_findings_batch_signature( - finding_ids_batch, - dedupe_option=True, - rules_option=True, - product_grading_option=True, - issue_updater_option=True, - push_to_jira=push_to_jira, - )() - else: - finding_helper.post_process_findings_batch( - finding_ids_batch, - dedupe_option=True, - rules_option=True, - product_grading_option=True, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + ) # No chord: tasks are dispatched immediately above per batch @@ -645,7 +652,8 @@ def process_matched_special_status_finding( # If the finding is risk accepted and inactive in Defectdojo we do not sync the status from the scanner # We also need to add the finding to 'unchanged_items' as otherwise it will get mitigated by the reimporter # (Risk accepted findings are not set to mitigated by Defectdojo) - # We however do not exit the loop as we do want to update the endpoints (in case some endpoints were fixed) + # We however do not exit the loop as we do want to update the endpoints/locations (in case some + # endpoints/locations were fixed) if existing_finding.risk_accepted and not existing_finding.active: self.unchanged_items.append(existing_finding) return existing_finding, False @@ -740,17 +748,24 @@ def process_matched_mitigated_finding( if existing_finding.get_sla_configuration().restart_sla_on_reactivation: # restart the sla start date to the current date, finding.save() will set new sla_expiration_date existing_finding.sla_start_date = self.now - # don't dedupe before endpoints are added, postprocessing will be done on next save (in calling method) + # don't dedupe before endpoints/locations are added, postprocessing will be done on next save (in calling method) existing_finding.save_no_options() note = Notes(entry=f"Re-activated by {self.scan_type} re-upload.", author=self.user) note.save() - endpoint_statuses = existing_finding.status_finding.exclude( - Q(false_positive=True) - | Q(out_of_scope=True) - | Q(risk_accepted=True), - ) - self.endpoint_manager.chunk_endpoints_and_reactivate(endpoint_statuses) + if settings.V3_FEATURE_LOCATIONS: + # Reactivate mitigated locations + mitigated_locations = existing_finding.locations.filter(status=FindingLocationStatus.Mitigated) + self.location_manager.chunk_locations_and_reactivate(mitigated_locations) + else: + # TODO: Delete this after the move to Locations + # Reactivate mitigated endpoints that are not false positives, out of scope, or risk accepted + endpoint_statuses = existing_finding.status_finding.exclude( + Q(false_positive=True) + | Q(out_of_scope=True) + | Q(risk_accepted=True), + ) + self.endpoint_manager.chunk_endpoints_and_reactivate(endpoint_statuses) existing_finding.notes.add(note) self.reactivated_items.append(existing_finding) # The new finding is active while the existing on is mitigated. The existing finding needs to @@ -846,7 +861,7 @@ def process_finding_that_was_not_matched( unsaved_finding.date = self.scan_date.date() unsaved_finding = self.process_cve(unsaved_finding) # Hash code is already calculated earlier as it's the primary matching criteria for reimport - # Save it. Don't dedupe before endpoints are added. + # Save it. Don't dedupe before endpoints/locations are added. unsaved_finding.save_no_options() finding = unsaved_finding # Force parsers to use unsaved_tags (stored in finding_post_processing function below) @@ -911,9 +926,15 @@ def finding_post_processing( Save all associated objects to the finding after it has been saved for the purpose of foreign key restrictions """ - self.endpoint_manager.chunk_endpoints_and_disperse(finding, finding_from_report.unsaved_endpoints) - if len(self.endpoints_to_add) > 0: - self.endpoint_manager.chunk_endpoints_and_disperse(finding, self.endpoints_to_add) + if settings.V3_FEATURE_LOCATIONS: + self.location_manager.chunk_locations_and_disperse(finding, finding_from_report.unsaved_locations) + if len(self.endpoints_to_add) > 0: + self.location_manager.chunk_locations_and_disperse(finding, self.endpoints_to_add) + else: + # TODO: Delete this after the move to Locations + self.endpoint_manager.chunk_endpoints_and_disperse(finding, finding_from_report.unsaved_endpoints) + if len(self.endpoints_to_add) > 0: + self.endpoint_manager.chunk_endpoints_and_disperse(finding, self.endpoints_to_add) # Parsers shouldn't use the tags field, and use unsaved_tags instead. # Merge any tags set by parser into unsaved_tags tags_from_parser = finding_from_report.tags if isinstance(finding_from_report.tags, list) else [] diff --git a/dojo/importers/endpoint_manager.py b/dojo/importers/endpoint_manager.py index f4b277d49fa..8817ff71bdb 100644 --- a/dojo/importers/endpoint_manager.py +++ b/dojo/importers/endpoint_manager.py @@ -17,6 +17,7 @@ logger = logging.getLogger(__name__) +# TODO: Delete this after the move to Locations class EndpointManager: @dojo_async_task @app.task() diff --git a/dojo/importers/location_manager.py b/dojo/importers/location_manager.py new file mode 100644 index 00000000000..c3a12fb5391 --- /dev/null +++ b/dojo/importers/location_manager.py @@ -0,0 +1,150 @@ +import logging +from typing import TypeVar + +from django.core.exceptions import ValidationError +from django.db.models import QuerySet +from django.utils import timezone + +from dojo.celery import app +from dojo.decorators import dojo_async_task +from dojo.location.models import AbstractLocation, LocationFindingReference +from dojo.location.status import FindingLocationStatus +from dojo.models import ( + Dojo_User, + Endpoint, + Finding, +) +from dojo.url.models import URL + +logger = logging.getLogger(__name__) + + +EndpointOrURL = TypeVar("EndpointOrURL", Endpoint, URL) + + +# test_notifications.py: Implement Locations +class LocationManager: + def get_or_create_location(self, unsaved_location: AbstractLocation) -> AbstractLocation | None: + if isinstance(unsaved_location, URL): + return URL.get_or_create_from_object(unsaved_location) + logger.debug(f"IMPORT_SCAN: Unsupported location type: {type(unsaved_location)}") + return None + + @dojo_async_task + @app.task() + def add_locations_to_unsaved_finding( + self, + finding: Finding, + locations: list[AbstractLocation], + **kwargs: dict, + ) -> None: + """Creates Endpoint objects for a single finding and creates the link via the endpoint status""" + locations = list(set(locations)) + + logger.debug(f"IMPORT_SCAN: Adding {len(locations)} locations to finding: {finding}") + self.clean_unsaved_locations(locations) + + # LOCATION LOCATION LOCATION + # TODO: bulk create the finding/product refs... + locations_saved = 0 + for unsaved_location in locations: + if saved_location := self.get_or_create_location(unsaved_location): + locations_saved += 1 + saved_location.location.associate_with_finding(finding, status=FindingLocationStatus.Active) + + logger.debug(f"IMPORT_SCAN: {locations_saved} locations imported") + + @dojo_async_task + @app.task() + def mitigate_location_status( + self, + location_refs: QuerySet[LocationFindingReference], + user: Dojo_User, + **kwargs: dict, + ) -> None: + """Mitigate all given (non-mitigated) location refs""" + location_refs.exclude(status=FindingLocationStatus.Mitigated).update( + auditor=user, + audit_time=timezone.now(), + status=FindingLocationStatus.Mitigated, + ) + + @dojo_async_task + @app.task() + def reactivate_location_status( + self, + location_refs: QuerySet[LocationFindingReference], + **kwargs: dict, + ) -> None: + """Reactivate all given (mitigated) locations refs""" + location_refs.filter(status=FindingLocationStatus.Mitigated).update( + auditor=None, + audit_time=timezone.now(), + status=FindingLocationStatus.Active, + ) + + def chunk_locations_and_disperse( + self, + finding: Finding, + locations: list[AbstractLocation], + **kwargs: dict, + ) -> None: + self.add_locations_to_unsaved_finding(finding, locations, sync=True) + + def clean_unsaved_locations( + self, + locations: list[AbstractLocation], + ) -> None: + """ + Clean endpoints that are supplied. For any endpoints that fail this validation + process, raise a message that broken endpoints are being stored + """ + for location in locations: + try: + location.clean() + except ValidationError as e: + logger.warning("DefectDojo is storing broken locations because cleaning wasn't successful: %s", e) + + def chunk_locations_and_reactivate( + self, + location_refs: QuerySet[LocationFindingReference], + **kwargs: dict, + ) -> None: + self.reactivate_location_status(location_refs, sync=True) + + def chunk_locations_and_mitigate( + self, + location_refs: QuerySet[LocationFindingReference], + user: Dojo_User, + **kwargs: dict, + ) -> None: + self.mitigate_location_status(location_refs, user, sync=True) + + def update_location_status( + self, + existing_finding: Finding, + new_finding: Finding, + user: Dojo_User, + **kwargs: dict, + ) -> None: + """Update the list of locations from the new finding with the list that is in the old finding""" + # New endpoints are already added in serializers.py / views.py (see comment "# for existing findings: make sure endpoints are present or created") + # So we only need to mitigate endpoints that are no longer present + # using `.all()` will mark as mitigated also `endpoint_status` with flags `false_positive`, `out_of_scope` and `risk_accepted`. This is a known issue. This is not a bug. This is a future. + + if new_finding.is_mitigated: + # New finding is mitigated, so mitigate all existing location refs + self.chunk_locations_and_mitigate(existing_finding.locations.all(), user) + else: + # New finding not mitigated; so, reactivate all refs + existing_location_refs: QuerySet[LocationFindingReference] = existing_finding.locations.all() + + new_locations_values = [str(location) for location in new_finding.unsaved_locations] + + # Reactivate endpoints in the old finding that are in the new finding + location_refs_to_reactivate = existing_location_refs.filter(location__location_value__in=new_locations_values) + # Mitigate endpoints in the existing finding not in the new finding + location_refs_to_mitigate = existing_location_refs.exclude(location__location_value__in=new_locations_values) + + self.chunk_locations_and_reactivate(location_refs_to_reactivate) + self.chunk_locations_and_mitigate(location_refs_to_mitigate, user) diff --git a/dojo/importers/options.py b/dojo/importers/options.py index 3b7c624235d..f7a8e722733 100644 --- a/dojo/importers/options.py +++ b/dojo/importers/options.py @@ -3,7 +3,7 @@ from datetime import datetime from functools import wraps from pprint import pformat as pp -from typing import Any +from typing import TYPE_CHECKING, Any from django.contrib.auth.models import User from django.db.models import Model @@ -22,6 +22,10 @@ ) from dojo.utils import get_current_user, is_finding_groups_enabled +if TYPE_CHECKING: + from dojo.location.models import AbstractLocation + + logger = logging.getLogger(__name__) @@ -58,7 +62,7 @@ def load_base_options( self.do_not_reactivate: bool = self.validate_do_not_reactivate(*args, **kwargs) self.commit_hash: str = self.validate_commit_hash(*args, **kwargs) self.create_finding_groups_for_all_findings: bool = self.validate_create_finding_groups_for_all_findings(*args, **kwargs) - self.endpoints_to_add: list[Endpoint] | None = self.validate_endpoints_to_add(*args, **kwargs) + self.endpoints_to_add: list[Endpoint] | list[AbstractLocation] | None = self.validate_endpoints_to_add(*args, **kwargs) self.engagement: Engagement | None = self.validate_engagement(*args, **kwargs) self.environment: Development_Environment | None = self.validate_environment(*args, **kwargs) self.group_by: str = self.validate_group_by(*args, **kwargs) diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index add39666c0d..6f7774c7cc3 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py @@ -18,7 +18,7 @@ from requests.auth import HTTPBasicAuth from dojo.celery import app -from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id +from dojo.decorators import dojo_async_task from dojo.forms import JIRAEngagementForm, JIRAProjectForm from dojo.models import ( Engagement, @@ -40,6 +40,7 @@ add_error_message_to_response, get_file_images, get_full_url, + get_object_or_none, get_system_setting, prod_name, to_str_typed, @@ -739,7 +740,10 @@ def jira_priority(obj): def jira_environment(obj): if isinstance(obj, Finding): - return "\n".join([str(endpoint) for endpoint in obj.endpoints.all()]) + if not settings.V3_FEATURE_LOCATIONS: + # TODO: Delete this after the move to Locations + return "\n".join([str(endpoint) for endpoint in obj.endpoints.all()]) + return "\n".join([str(location_ref.location) for location_ref in obj.locations.all()]) if isinstance(obj, Finding_Group): envs = [ jira_environment(finding) @@ -759,34 +763,40 @@ def push_to_jira(obj, *args, **kwargs): if isinstance(obj, Finding): if obj.has_finding_group: logger.debug("pushing finding group for %s to JIRA", obj) - return push_finding_group_to_jira(obj.finding_group, *args, **kwargs) - return push_finding_to_jira(obj, *args, **kwargs) + return push_finding_group_to_jira(obj.finding_group.id, *args, **kwargs) + return push_finding_to_jira(obj.id, *args, **kwargs) if isinstance(obj, Finding_Group): - return push_finding_group_to_jira(obj, *args, **kwargs) + return push_finding_group_to_jira(obj.id, *args, **kwargs) if isinstance(obj, Engagement): - return push_engagement_to_jira(obj, *args, **kwargs) + return push_engagement_to_jira(obj.id, *args, **kwargs) logger.error("unsupported object passed to push_to_jira: %s %i %s", obj.__name__, obj.id, obj) return None # we need thre separate celery tasks due to the decorators we're using to map to/from ids -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id -def push_finding_to_jira(finding, *args, **kwargs): +def push_finding_to_jira(finding_id, *args, **kwargs): + finding = get_object_or_none(Finding, id=finding_id) + if not finding: + logger.warning("Finding with id %s does not exist, skipping push_finding_to_jira", finding_id) + return None + if finding.has_jira_issue: return update_jira_issue(finding, *args, **kwargs) return add_jira_issue(finding, *args, **kwargs) -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id(model=Finding_Group) -def push_finding_group_to_jira(finding_group, *args, **kwargs): +def push_finding_group_to_jira(finding_group_id, *args, **kwargs): + finding_group = get_object_or_none(Finding_Group, id=finding_group_id) + if not finding_group: + logger.warning("Finding_Group with id %s does not exist, skipping push_finding_group_to_jira", finding_group_id) + return None + # Look for findings that have single ticket associations separate from the group for finding in finding_group.findings.filter(jira_issue__isnull=False): update_jira_issue(finding, *args, **kwargs) @@ -796,14 +806,17 @@ def push_finding_group_to_jira(finding_group, *args, **kwargs): return add_jira_issue(finding_group, *args, **kwargs) -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id(model=Engagement) -def push_engagement_to_jira(engagement, *args, **kwargs): +def push_engagement_to_jira(engagement_id, *args, **kwargs): + engagement = get_object_or_none(Engagement, id=engagement_id) + if not engagement: + logger.warning("Engagement with id %s does not exist, skipping push_engagement_to_jira", engagement_id) + return None + if engagement.has_jira_issue: - return update_epic(engagement, *args, **kwargs) - return add_epic(engagement, *args, **kwargs) + return update_epic(engagement.id, *args, **kwargs) + return add_epic(engagement.id, *args, **kwargs) def add_issues_to_epic(jira, obj, epic_id, issue_keys, *, ignore_epics=True): @@ -906,13 +919,30 @@ def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool: message = f"Object {obj.id} cannot be pushed to JIRA as the JIRA instance has been deleted or is not available." return failure_to_add_message(message, None, obj) - obj_can_be_pushed_to_jira, error_message, _error_code = can_be_pushed_to_jira(obj) + obj_can_be_pushed_to_jira, error_message, error_code = can_be_pushed_to_jira(obj) if not obj_can_be_pushed_to_jira: + # Expected validation failures (not verified, not active, below threshold) + # should not create alerts when auto-pushing via "push all issues" + # These are expected conditions that don't indicate a problem + expected_validation_errors = [ + "error_not_active_or_verified", + "error_below_minimum_threshold", + "error_empty", + "error_inactive", + ] + # not sure why this check is not part of can_be_pushed_to_jira, but afraid to change it if isinstance(obj, Finding) and obj.duplicate and not obj.active: - logger.warning("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj)) - log_jira_cannot_be_pushed_reason(error_message + " and findis a duplicate", obj) + logger.info("%s will not be pushed to JIRA as it's a duplicate finding", to_str_typed(obj)) + # Duplicates are expected, don't create alerts + logger.info("%s cannot be pushed to JIRA: %s (expected - duplicate finding)", + to_str_typed(obj), error_message) + elif error_code in expected_validation_errors: + # These are expected when auto-pushing, only log, don't alert + logger.info("%s cannot be pushed to JIRA: %s (expected - finding not ready yet)", + to_str_typed(obj), error_message) else: + # Unexpected errors (configuration issues, etc.) should still alert log_jira_cannot_be_pushed_reason(error_message, obj) logger.warning("%s cannot be pushed to JIRA: %s.", to_str_typed(obj), error_message) logger.warning("The JIRA issue will NOT be created.") @@ -1366,12 +1396,13 @@ def jira_check_attachment(issue, source_file_name): return file_exists -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id(model=Engagement) -def close_epic(eng, push_to_jira, **kwargs): - engagement = eng +def close_epic(engagement_id, push_to_jira, **kwargs): + engagement = get_object_or_none(Engagement, id=engagement_id) + if not engagement: + logger.warning("Engagement with id %s does not exist, skipping close_epic", engagement_id) + return False if not is_jira_enabled(): return False @@ -1387,7 +1418,7 @@ def close_epic(eng, push_to_jira, **kwargs): if jira_project and jira_project.enable_engagement_epic_mapping: if push_to_jira: try: - jissue = get_jira_issue(eng) + jissue = get_jira_issue(engagement) if jissue is None: logger.warning("JIRA close epic failed: no issue found") return False @@ -1414,11 +1445,14 @@ def close_epic(eng, push_to_jira, **kwargs): return False -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id(model=Engagement) -def update_epic(engagement, **kwargs): +def update_epic(engagement_id, **kwargs): + engagement = get_object_or_none(Engagement, id=engagement_id) + if not engagement: + logger.warning("Engagement with id %s does not exist, skipping update_epic", engagement_id) + return False + logger.debug("trying to update jira EPIC for %d:%s", engagement.id, engagement.name) if not is_jira_configured_and_enabled(engagement): @@ -1458,11 +1492,14 @@ def update_epic(engagement, **kwargs): return False -@dojo_model_to_id @dojo_async_task @app.task -@dojo_model_from_id(model=Engagement) -def add_epic(engagement, **kwargs): +def add_epic(engagement_id, **kwargs): + engagement = get_object_or_none(Engagement, id=engagement_id) + if not engagement: + logger.warning("Engagement with id %s does not exist, skipping add_epic", engagement_id) + return False + logger.debug("trying to create a new jira EPIC for %d:%s", engagement.id, engagement.name) if not is_jira_configured_and_enabled(engagement): @@ -1545,33 +1582,65 @@ def jira_get_issue(jira_project, issue_key): return None -@dojo_model_to_id(parameter=1) -@dojo_model_to_id -@dojo_async_task -@app.task -@dojo_model_from_id(model=Notes, parameter=1) -@dojo_model_from_id def add_comment(obj, note, *, force_push=False, **kwargs): + """ + Wrapper function that extracts jira_issue from obj and calls the internal Celery task. + + The decorators convert obj and note to IDs before Celery serialization. + After deserialization, obj and note are model instances again. + """ if not is_jira_configured_and_enabled(obj): return False logger.debug("trying to add a comment to a linked jira issue for: %d:%s", obj.id, obj) - if not note.private: - jira_project = get_jira_project(obj) - jira_instance = get_jira_instance(obj) - if jira_project.push_notes or force_push is True: - try: - jira = get_jira_connection(jira_instance) - j_issue = obj.jira_issue - jira.add_comment( - j_issue.jira_id, - f"({note.author.get_full_name() or note.author.username}): {note.entry}") - except JIRAError as e: - log_jira_generic_alert("Jira Add Comment Error", str(e)) - return False - return True + # Get the jira_issue from obj + jira_issue = get_jira_issue(obj) + if not jira_issue: + logger.warning("No jira_issue found for obj %s, skipping add_comment", obj) + return False + + # Call the internal task with IDs (runs synchronously within this task) + return add_comment_internal(jira_issue.id, note.id, force_push=force_push, **kwargs) + + +@dojo_async_task +@app.task +def add_comment_internal(jira_issue_id, note_id, *, force_push=False, **kwargs): + """Internal Celery task that adds a comment to a JIRA issue.""" + jira_issue = get_object_or_none(JIRA_Issue, id=jira_issue_id) + if not jira_issue: + logger.warning("JIRA_Issue with id %s does not exist, skipping add_comment_internal", jira_issue_id) + return False + + note = get_object_or_none(Notes, id=note_id) + if not note: + logger.warning("Note with id %s does not exist, skipping add_comment_internal", note_id) + return False + + if note.private: return None + + jira_project = get_jira_project(jira_issue) + if not jira_project: + logger.warning("No jira_project found for jira_issue %s, skipping add_comment_internal", jira_issue_id) + return False + + jira_instance = jira_project.jira_instance + if not jira_instance: + logger.warning("No jira_instance found for jira_project %s, skipping add_comment_internal", jira_project.id) + return False + + if jira_project.push_notes or force_push is True: + try: + jira = get_jira_connection(jira_instance) + jira.add_comment( + jira_issue.jira_id, + f"({note.author.get_full_name() or note.author.username}): {note.entry}") + except JIRAError as e: + log_jira_generic_alert("Jira Add Comment Error", str(e)) + return False + return True return None @@ -1868,7 +1937,12 @@ def process_resolution_from_jira(finding, resolution_id, resolution_name, assign finding.mitigated = jira_now finding.is_mitigated = True finding.mitigated_by, _created = User.objects.get_or_create(username="JIRA") - finding.endpoints.clear() + if settings.V3_FEATURE_LOCATIONS: + for location_ref in finding.locations.all(): + location_ref.location.disassociate_from_finding(finding) + else: + # TODO: Delete this after the move to Locations + finding.endpoints.clear() finding.false_p = False ra_helper.risk_unaccept(User.objects.get_or_create(username="JIRA")[0], finding) status_changed = True diff --git a/dojo/jira_link/queries.py b/dojo/jira_link/queries.py index b077c076097..5ce281d2296 100644 --- a/dojo/jira_link/queries.py +++ b/dojo/jira_link/queries.py @@ -1,10 +1,13 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission from dojo.models import JIRA_Issue, JIRA_Project, Product_Group, Product_Member, Product_Type_Group, Product_Type_Member +from dojo.request_cache import cache_for_request +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_jira_projects(permission, user=None): if user is None: @@ -22,58 +25,42 @@ def get_authorized_jira_projects(permission, user=None): return jira_projects roles = get_roles_for_permission(permission) - engagement_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("engagement__product__prod_type_id"), - user=user, - role__in=roles) - engagement_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("engagement__product_id"), - user=user, - role__in=roles) - engagement_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("engagement__product__prod_type_id"), - group__users=user, - role__in=roles) - engagement_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("engagement__product_id"), - group__users=user, - role__in=roles) - product_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) - product_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) - product_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) - product_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - jira_projects = jira_projects.annotate( - engagement__product__prod_type__member=Exists(engagement_authorized_product_type_roles), - engagement__product__member=Exists(engagement_authorized_product_roles), - engagement__product__prod_type__authorized_group=Exists(engagement_authorized_product_type_groups), - engagement__product__authorized_group=Exists(engagement_authorized_product_groups), - product__prod_type__member=Exists(product_authorized_product_type_roles), - product__member=Exists(product_authorized_product_roles), - product__prod_type__authorized_group=Exists(product_authorized_product_type_groups), - product__authorized_group=Exists(product_authorized_product_groups)) - return jira_projects.filter( - Q(engagement__product__prod_type__member=True) - | Q(engagement__product__member=True) - | Q(engagement__product__prod_type__authorized_group=True) - | Q(engagement__product__authorized_group=True) - | Q(product__prod_type__member=True) - | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) - | Q(product__authorized_group=True)) + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + # JIRA projects can be attached via engagement or product path + return jira_projects.filter( + # Engagement path + Q(engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(engagement__product_id__in=Subquery(authorized_product_groups)) + # Product path + | Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ) + + +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_jira_issues(permission): user = get_current_user() @@ -89,77 +76,40 @@ def get_authorized_jira_issues(permission): return jira_issues roles = get_roles_for_permission(permission) - engagement_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("engagement__product__prod_type_id"), - user=user, - role__in=roles) - engagement_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("engagement__product_id"), - user=user, - role__in=roles) - engagement_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("engagement__product__prod_type_id"), - group__users=user, - role__in=roles) - engagement_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("engagement__product_id"), - group__users=user, - role__in=roles) - finding_group_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("finding_group__test__engagement__product__prod_type_id"), - user=user, - role__in=roles) - finding_group_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("finding_group__test__engagement__product_id"), - user=user, - role__in=roles) - finding_group_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("finding_group__test__engagement__product__prod_type_id"), - group__users=user, - role__in=roles) - finding_group_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("finding_group__test__engagement__product_id"), - group__users=user, - role__in=roles) - finding_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("finding__test__engagement__product__prod_type_id"), - user=user, - role__in=roles) - finding_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("finding__test__engagement__product_id"), - user=user, - role__in=roles) - finding_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("finding__test__engagement__product__prod_type_id"), - group__users=user, - role__in=roles) - finding_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("finding__test__engagement__product_id"), - group__users=user, - role__in=roles) - jira_issues = jira_issues.annotate( - engagement__product__prod_type__member=Exists(engagement_authorized_product_type_roles), - engagement__product__member=Exists(engagement_authorized_product_roles), - engagement__product__prod_type__authorized_group=Exists(engagement_authorized_product_type_groups), - engagement__product__authorized_group=Exists(engagement_authorized_product_groups), - finding_group__test__engagement__product__prod_type__member=Exists(finding_group_authorized_product_type_roles), - finding_group__test__engagement__product__member=Exists(finding_group_authorized_product_roles), - finding_group__test__engagement__product__prod_type__authorized_group=Exists(finding_group_authorized_product_type_groups), - finding_group__test__engagement__product__authorized_group=Exists(finding_group_authorized_product_groups), - finding__test__engagement__product__prod_type__member=Exists(finding_authorized_product_type_roles), - finding__test__engagement__product__member=Exists(finding_authorized_product_roles), - finding__test__engagement__product__prod_type__authorized_group=Exists(finding_authorized_product_type_groups), - finding__test__engagement__product__authorized_group=Exists(finding_authorized_product_groups)) + + # Get authorized product/product_type IDs via subqueries + authorized_product_type_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + + authorized_product_roles = Product_Member.objects.filter( + user=user, role__in=roles, + ).values("product_id") + + authorized_product_type_groups = Product_Type_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_type_id") + + authorized_product_groups = Product_Group.objects.filter( + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + # JIRA issues can be attached via engagement, finding_group, or finding path return jira_issues.filter( - Q(engagement__product__prod_type__member=True) - | Q(engagement__product__member=True) - | Q(engagement__product__prod_type__authorized_group=True) - | Q(engagement__product__authorized_group=True) - | Q(finding_group__test__engagement__product__prod_type__member=True) - | Q(finding_group__test__engagement__product__member=True) - | Q(finding_group__test__engagement__product__prod_type__authorized_group=True) - | Q(finding_group__test__engagement__product__authorized_group=True) - | Q(finding__test__engagement__product__prod_type__member=True) - | Q(finding__test__engagement__product__member=True) - | Q(finding__test__engagement__product__prod_type__authorized_group=True) - | Q(finding__test__engagement__product__authorized_group=True)) + # Engagement path + Q(engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(engagement__product_id__in=Subquery(authorized_product_groups)) + # Finding group path + | Q(finding_group__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(finding_group__test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(finding_group__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(finding_group__test__engagement__product_id__in=Subquery(authorized_product_groups)) + # Finding path + | Q(finding__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(finding__test__engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(finding__test__engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(finding__test__engagement__product_id__in=Subquery(authorized_product_groups)), + ) diff --git a/dojo/jira_link/views.py b/dojo/jira_link/views.py index ebcc9616d4a..31841c9bf43 100644 --- a/dojo/jira_link/views.py +++ b/dojo/jira_link/views.py @@ -285,7 +285,9 @@ def check_for_and_create_comment(parsed_json): finding.notes.add(new_note) finding.jira_issue.jira_change = timezone.now() finding.jira_issue.save() - finding.save() + # Only update the timestamp, not other fields like 'active' to avoid + # race conditions with concurrent webhook events (e.g. issue_updated) + finding.save(update_fields=["updated"]) return None diff --git a/dojo/location/__init__.py b/dojo/location/__init__.py new file mode 100644 index 00000000000..9bd2bd300d2 --- /dev/null +++ b/dojo/location/__init__.py @@ -0,0 +1 @@ +import dojo.location.admin # noqa: F401 diff --git a/dojo/location/admin.py b/dojo/location/admin.py new file mode 100644 index 00000000000..7a08c95f5f8 --- /dev/null +++ b/dojo/location/admin.py @@ -0,0 +1,21 @@ +from django.contrib import admin + +from dojo.location.models import Location, LocationFindingReference, LocationProductReference + + +@admin.register(Location) +class LocationAdmin(admin.ModelAdmin): + + """Admin support for the Location model.""" + + +@admin.register(LocationFindingReference) +class LocationFindingReferenceAdmin(admin.ModelAdmin): + + """Admin support for the LocationFindingReference model.""" + + +@admin.register(LocationProductReference) +class LocationProductReferenceAdmin(admin.ModelAdmin): + + """Admin support for the LocationProductReference model.""" diff --git a/dojo/location/api/__init__.py b/dojo/location/api/__init__.py new file mode 100644 index 00000000000..2ff01484d5b --- /dev/null +++ b/dojo/location/api/__init__.py @@ -0,0 +1,3 @@ +path = "location" # noqa: RUF067 +finding_path = "location_findings" # noqa: RUF067 +product_path = "location_products" # noqa: RUF067 diff --git a/dojo/location/api/endpoint_compat.py b/dojo/location/api/endpoint_compat.py new file mode 100644 index 00000000000..1f75a3bfcf5 --- /dev/null +++ b/dojo/location/api/endpoint_compat.py @@ -0,0 +1,300 @@ +""" +Compatibility viewsets and serializers for Endpoint API using new Location models. + +These viewsets maintain API compatibility with the legacy Endpoint and Endpoint_Status +models while using the new URL and LocationFindingReference models underneath. +""" +import datetime + +from django_filters import BooleanFilter, CharFilter, NumberFilter +from django_filters.rest_framework import DjangoFilterBackend, FilterSet +from drf_spectacular.utils import extend_schema +from rest_framework import permissions, status, viewsets +from rest_framework.decorators import action +from rest_framework.fields import ( + CharField, + DateTimeField, + IntegerField, + SerializerMethodField, +) +from rest_framework.permissions import BasePermission, IsAuthenticated +from rest_framework.response import Response +from rest_framework.serializers import ModelSerializer +from rest_framework.viewsets import ReadOnlyModelViewSet + +from dojo.api_v2 import serializers +from dojo.api_v2.permissions import check_object_permission +from dojo.api_v2.prefetch import PrefetchListMixin, PrefetchRetrieveMixin +from dojo.api_v2.serializers import TagListSerializerField +from dojo.api_v2.views import report_generate +from dojo.authorization.roles_permissions import Permissions +from dojo.filters import CharFieldFilterANDExpression, CharFieldInFilter, OrderingFilter +from dojo.location.models import LocationFindingReference, LocationProductReference +from dojo.location.queries import get_authorized_location_finding_reference, get_authorized_location_product_reference +from dojo.location.status import FindingLocationStatus +from dojo.url.models import URL + +########## +# Common +########## + + +class V2WritesDisabled(BasePermission): + + """Disallows non-safe HTTP methods.""" + + message = "Writes to this endpoint are deprecated when V3_FEATURE_LOCATIONS is enabled" + + def has_permission(self, request, view): + return request.method in permissions.SAFE_METHODS + + def has_object_permission(self, request, view, obj): + return request.method in permissions.SAFE_METHODS + + +class UserHasLocationRefPermission(BasePermission): + + """Permission class for Location(Product|Finding)Reference model access.""" + + def has_object_permission(self, request, view, obj): + # obj is a URL instance, check permission on its location + return check_object_permission( + request, + obj, + Permissions.Location_View, + Permissions.Location_Edit, + Permissions.Location_Delete, + ) + + +########## +# Endpoint compatibility +########## + +class V3EndpointCompatibleFilterSet(FilterSet): + + """Endpoint-compatible FilterSet.""" + + id = NumberFilter(field_name="id", lookup_expr="exact") + + protocol = CharFilter(field_name="location__url__protocol", lookup_expr="icontains") + userinfo = CharFilter(field_name="location__url__user_info", lookup_expr="icontains") + host = CharFilter(field_name="location__url__host", lookup_expr="icontains") + port = NumberFilter(field_name="location__url__port", lookup_expr="exact") + path = CharFilter(field_name="location__url__path", lookup_expr="icontains") + query = CharFilter(field_name="location__url__query", lookup_expr="icontains") + fragment = CharFilter(field_name="location__url__fragment", lookup_expr="icontains") + + product = NumberFilter(field_name="product__id", lookup_expr="exact") + + location_id = NumberFilter(field_name="location__id", lookup_expr="exact") + + tag = CharFilter(field_name="location__tags__name", lookup_expr="icontains", help_text="Tag name contains") + tags = CharFieldInFilter(field_name="location__tags__name", lookup_expr="in", help_text="Comma separated list of exact tags (uses OR for multiple values)") + tags__and = CharFieldFilterANDExpression(field_name="location__tags__name", help_text="Comma separated list of exact tags to match with an AND expression") + not_tag = CharFilter(field_name="location__tags__name", lookup_expr="icontains", help_text="Not Tag name contains", exclude=True) + not_tags = CharFieldInFilter(field_name="location__tags__name", lookup_expr="in", help_text="Comma separated list of exact tags not present on model", exclude=True) + has_tags = BooleanFilter(field_name="location__tags", lookup_expr="isnull", exclude=True, label="Has tags") + + o = OrderingFilter( + fields=( + ("location__url__host", "host"), + ("product__id", "product"), + ("id", "id"), + ), + ) + + +class V3EndpointCompatibleSerializer(ModelSerializer): + + """Serializes a LocationProductReference model to something that looks like an Endpoint.""" + + protocol = CharField(source="location.url.protocol") + userinfo = CharField(source="location.url.user_info") + host = CharField(source="location.url.host") + port = IntegerField(source="location.url.port") + path = CharField(source="location.url.path") + query = CharField(source="location.url.query") + fragment = CharField(source="location.url.fragment") + tags = TagListSerializerField(source="location.tags") + location_id = IntegerField(source="location.id") + + class Meta: + model = LocationProductReference + exclude = ("location",) + + +class V3EndpointCompatibleViewSet(PrefetchListMixin, PrefetchRetrieveMixin, viewsets.ReadOnlyModelViewSet): + + """Read-only ViewSet for LocationProductReferences that behaves similar to EndpointViewSet for reads.""" + + serializer_class = V3EndpointCompatibleSerializer + queryset = LocationProductReference.objects.none() + filter_backends = (DjangoFilterBackend,) + filterset_class = V3EndpointCompatibleFilterSet + + permission_classes = ( + IsAuthenticated, + V2WritesDisabled, + UserHasLocationRefPermission, + ) + + def get_queryset(self): + """Get authorized URLs using Endpoint authorization logic.""" + return get_authorized_location_product_reference(Permissions.Location_View).filter(location__location_type=URL.LOCATION_TYPE).distinct() + + @extend_schema( + request=serializers.ReportGenerateOptionSerializer, + responses={status.HTTP_200_OK: serializers.ReportGenerateSerializer}, + ) + @action( + detail=True, methods=["post"], permission_classes=[IsAuthenticated], + ) + def generate_report(self, request, pk=None): + endpoint = self.get_object() + + options = {} + # prepare post data + report_options = serializers.ReportGenerateOptionSerializer( + data=request.data, + ) + if report_options.is_valid(): + options["include_finding_notes"] = report_options.validated_data[ + "include_finding_notes" + ] + options["include_finding_images"] = report_options.validated_data[ + "include_finding_images" + ] + options[ + "include_executive_summary" + ] = report_options.validated_data["include_executive_summary"] + options[ + "include_table_of_contents" + ] = report_options.validated_data["include_table_of_contents"] + else: + return Response( + report_options.errors, status=status.HTTP_400_BAD_REQUEST, + ) + + data = report_generate(request, endpoint, options) + report = serializers.ReportGenerateSerializer(data) + return Response(report.data) + + +########## +# Endpoint_Status-compatibility +########## + +class V3EndpointStatusCompatibleFilterSet(FilterSet): + + """Endpoint_Status-compatible FilterSet.""" + + mitigated = BooleanFilter(method="filter_mitigated") + false_positive = BooleanFilter(method="filter_false_positive") + out_of_scope = BooleanFilter(method="filter_out_of_scope") + risk_accepted = BooleanFilter(method="filter_risk_accepted") + + mitigated_by = CharFilter(method="filter_mitigated_by") + + finding = NumberFilter(field_name="finding", lookup_expr="exact") + endpoint = NumberFilter(method="filter_endpoint") + + def filter_mitigated(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.Mitigated) + return queryset.exclude(status=FindingLocationStatus.Mitigated) + + def filter_false_positive(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.FalsePositive) + return queryset.exclude(status=FindingLocationStatus.FalsePositive) + + def filter_out_of_scope(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.OutOfScope) + return queryset.exclude(status=FindingLocationStatus.OutOfScope) + + def filter_risk_accepted(self, queryset, name, value): + if value: + return queryset.filter(status=FindingLocationStatus.RiskAccepted) + return queryset.exclude(status=FindingLocationStatus.RiskAccepted) + + def filter_mitigated_by(self, queryset, name, value): + return queryset.filter(status=FindingLocationStatus.Mitigated, auditor__iexact=value) + + def filter_endpoint(self, queryset, name, value): + return queryset.filter(location__products__id=value) + + class Meta: + model = LocationFindingReference + fields = ["mitigated", "false_positive", "out_of_scope", "risk_accepted", "mitigated_by", "finding", "endpoint"] + + +class V3EndpointStatusCompatibleSerializer(ModelSerializer): + + """Serializes a LocationFindingReference model to something that looks like an Endpoint_Status.""" + + date = SerializerMethodField() + last_modified = DateTimeField(source="updated") + + mitigated = SerializerMethodField() + mitigated_time = SerializerMethodField() + mitigated_by = SerializerMethodField() + false_positive = SerializerMethodField() + out_of_scope = SerializerMethodField() + risk_accepted = SerializerMethodField() + + endpoint = SerializerMethodField() + location_id = IntegerField(source="location.id") + + def get_date(self, obj) -> datetime.date | None: + return obj.created.date() if obj.created else None + + def get_mitigated(self, obj) -> bool | None: + return obj.created.date() if obj.created else None + + def get_mitigated_time(self, obj) -> datetime.datetime | None: + return obj.audit_time if self.get_mitigated(obj) else None + + def get_mitigated_by(self, obj) -> int | None: + return obj.auditor.id if self.get_mitigated(obj) and obj.auditor else None + + def get_false_positive(self, obj) -> bool | None: + return obj.status == FindingLocationStatus.FalsePositive + + def get_out_of_scope(self, obj) -> bool | None: + return obj.status == FindingLocationStatus.OutOfScope + + def get_risk_accepted(self, obj) -> bool | None: + return obj.status == FindingLocationStatus.RiskAccepted + + def get_endpoint(self, obj) -> int | None: + product_ref = LocationProductReference.objects.filter( + location=obj.location, + product=obj.finding.test.engagement.product, + ).first() + return product_ref.location.id if product_ref else None + + class Meta: + model = LocationFindingReference + exclude = ("location",) + + +class V3EndpointStatusCompatibleViewSet(PrefetchListMixin, PrefetchRetrieveMixin, ReadOnlyModelViewSet): + + """Read-only ViewSet for LocationFindingReferences that behaves similar to EndpointViewSet for reads.""" + + serializer_class = V3EndpointStatusCompatibleSerializer + queryset = LocationFindingReference.objects.none() + filter_backends = (DjangoFilterBackend,) + filterset_class = V3EndpointStatusCompatibleFilterSet + + permission_classes = ( + IsAuthenticated, + V2WritesDisabled, + UserHasLocationRefPermission, + ) + + def get_queryset(self): + """Get authorized URLs using Endpoint authorization logic.""" + return get_authorized_location_finding_reference(Permissions.Location_View).filter(location__location_type=URL.LOCATION_TYPE).distinct() diff --git a/dojo/location/api/filters.py b/dojo/location/api/filters.py new file mode 100644 index 00000000000..9cab6c21bfd --- /dev/null +++ b/dojo/location/api/filters.py @@ -0,0 +1,87 @@ +from __future__ import annotations + +from django_filters import NumberFilter + +from dojo.api_helpers.filters import CommonFilters, StaticMethodFilters +from dojo.location.status import FindingLocationStatus, ProductLocationStatus + + +class AbstractedLocationFilter(StaticMethodFilters): + StaticMethodFilters.create_integer_filters("id", "ID", locals()) + StaticMethodFilters.create_char_filters("location__tags__name", "Tags", locals()) + StaticMethodFilters.create_char_filters("location__created_at", "Created At", locals()) + StaticMethodFilters.create_char_filters("location__updated_at", "Updated At", locals()) + StaticMethodFilters.create_integer_filters("location__products__product", "Product ID", locals()) + StaticMethodFilters.create_integer_filters("location__findings__finding", "Finding ID", locals()) + + product = NumberFilter( + field_name="location__products__product", + lookup_expr="exact", + help_text="Product ID: Equals", + ) + + +class LocationFilter(CommonFilters): + + """Conglomerate of all Location filters.""" + + # ordering (the order of the fields is enforced) + CommonFilters.create_char_filters("location_type", "Location Type", locals()) + CommonFilters.create_char_filters("location_value", "Location Value", locals()) + CommonFilters.create_char_filters("tags__name", "Tags", locals()) + CommonFilters.create_integer_filters("products__product", "Product ID", locals()) + CommonFilters.create_integer_filters("findings__finding", "Finding ID", locals()) + CommonFilters.create_ordering_filters( + locals(), + ( + "id", + "location_type", + "location_value", + "created_at", + "updated_at", + ), + ) + + +class LocationProductReferenceFilter(CommonFilters): + CommonFilters.create_integer_filters("location", "Location", locals()) + CommonFilters.create_integer_filters("product", "Product", locals()) + CommonFilters.create_char_filters("product__name", "Product Name", locals()) + CommonFilters.create_choice_filters("status", "Status", ProductLocationStatus.choices, locals()) + CommonFilters.create_char_filters("location_type", "Location Type", locals()) + CommonFilters.create_char_filters("location_value", "Location Value", locals()) + CommonFilters.create_ordering_filters( + locals(), + ( + "id", + "location_type", + "location_value", + "product", + "product__name", + "status", + "created_at", + "updated_at", + ), + ) + + +class LocationFindingReferenceFilter(CommonFilters): + CommonFilters.create_integer_filters("location", "Location", locals()) + CommonFilters.create_integer_filters("finding", "Finding", locals()) + CommonFilters.create_char_filters("finding__severity", "Finding Severity", locals()) + CommonFilters.create_choice_filters("status", "Status", FindingLocationStatus.choices, locals()) + CommonFilters.create_char_filters("location_type", "Location Type", locals()) + CommonFilters.create_char_filters("location_value", "Location Value", locals()) + CommonFilters.create_ordering_filters( + locals(), + ( + "id", + "location_type", + "location_value", + "finding", + "finding__severity", + "status", + "created_at", + "updated_at", + ), + ) diff --git a/dojo/location/api/permissions.py b/dojo/location/api/permissions.py new file mode 100644 index 00000000000..0dd41b33aa4 --- /dev/null +++ b/dojo/location/api/permissions.py @@ -0,0 +1,46 @@ +from rest_framework.permissions import BasePermission + +from dojo.api_v2.permissions import check_object_permission, check_post_permission +from dojo.authorization.roles_permissions import Permissions +from dojo.models import ( + Finding, + Product, +) + + +class LocationFindingReferencePermission(BasePermission): + def has_permission(self, request, view): + return check_post_permission( + request, + Finding, + "finding", + Permissions.Finding_Edit, + ) + + def has_object_permission(self, request, view, obj): + return check_object_permission( + request, + obj.finding, + Permissions.Finding_View, + Permissions.Finding_Edit, + Permissions.Finding_Edit, + ) + + +class LocationProductReferencePermission(BasePermission): + def has_permission(self, request, view): + return check_post_permission( + request, + Product, + "product", + Permissions.Product_Edit, + ) + + def has_object_permission(self, request, view, obj): + return check_object_permission( + request, + obj.product, + Permissions.Product_View, + Permissions.Product_Edit, + Permissions.Product_Edit, + ) diff --git a/dojo/location/api/serializers.py b/dojo/location/api/serializers.py new file mode 100644 index 00000000000..5051f5454a1 --- /dev/null +++ b/dojo/location/api/serializers.py @@ -0,0 +1,77 @@ +from __future__ import annotations + +from rest_framework.serializers import CharField + +from dojo.api_helpers.serializers import BaseModelSerializer +from dojo.api_v2.serializers import TagListSerializerField +from dojo.location.models import ( + AbstractLocation, + Location, + LocationFindingReference, + LocationProductReference, +) + + +class AbstractedLocationSerializer(BaseModelSerializer): + string = CharField(source="location.location_value", read_only=True) + type = CharField(source="location.location_type", read_only=True) + tags = TagListSerializerField(source="location.tags", required=False) + + def update(self, instance: AbstractLocation, validated_data): + tags = validated_data.pop("location", {}).pop("tags", None) + instance = super().update(instance, validated_data) + if tags is not None: + instance.location.tags.set(tags) + return instance + + def create(self, validated_data): + tags = validated_data.pop("location", {}).pop("tags", None) + instance = super().create(validated_data) + if tags is not None: + instance.location.tags.set(tags) + return instance + + +class LocationSerializer(BaseModelSerializer): + + """Serializer for the Location model with serializers for the related objects.""" + + tags = TagListSerializerField(required=False) + inherited_tags = TagListSerializerField(required=False) + + class Meta: + + """Meta class for the Location model.""" + + model = Location + fields = "__all__" + + +class LocationFindingReferenceSerializer(BaseModelSerializer): + + """Serializer for the LocationFindingReference model with serializers for the related objects.""" + + location_type = CharField(read_only=True) + location_value = CharField(read_only=True) + + class Meta: + + """Meta class for the LocationFindingReferenceSerializer model.""" + + model = LocationFindingReference + fields = "__all__" + + +class LocationProductReferenceSerializer(BaseModelSerializer): + + """Serializer for the LocationProductReference model with serializers for the related objects.""" + + location_type = CharField(read_only=True) + location_value = CharField(read_only=True) + + class Meta: + + """Meta class for the LocationProductReference model.""" + + model = LocationProductReference + fields = "__all__" diff --git a/dojo/location/api/urls.py b/dojo/location/api/urls.py new file mode 100644 index 00000000000..25494552c76 --- /dev/null +++ b/dojo/location/api/urls.py @@ -0,0 +1,9 @@ +from dojo.location.api import finding_path, path, product_path +from dojo.location.api.views import LocationFindingReferenceViewSet, LocationProductReferenceViewSet, LocationViewSet + + +def add_locations_urls(router): + router.register(path, LocationViewSet, path) + router.register(finding_path, LocationFindingReferenceViewSet, finding_path) + router.register(product_path, LocationProductReferenceViewSet, product_path) + return router diff --git a/dojo/location/api/views.py b/dojo/location/api/views.py new file mode 100644 index 00000000000..9eb276bc6b3 --- /dev/null +++ b/dojo/location/api/views.py @@ -0,0 +1,82 @@ +from django.db.models import QuerySet +from django_filters.rest_framework import DjangoFilterBackend +from rest_framework.permissions import DjangoModelPermissions, IsAuthenticated +from rest_framework.viewsets import ReadOnlyModelViewSet + +from dojo.api_v2.permissions import IsSuperUser +from dojo.api_v2.views import PrefetchDojoModelViewSet +from dojo.authorization.roles_permissions import Permissions +from dojo.location.api.filters import ( + LocationFilter, + LocationFindingReferenceFilter, + LocationProductReferenceFilter, +) +from dojo.location.api.permissions import ( + LocationFindingReferencePermission, + LocationProductReferencePermission, +) +from dojo.location.api.serializers import ( + LocationFindingReferenceSerializer, + LocationProductReferenceSerializer, + LocationSerializer, +) +from dojo.location.models import ( + Location, + LocationFindingReference, + LocationProductReference, +) +from dojo.location.queries import ( + get_authorized_location_finding_reference, + get_authorized_location_product_reference, +) + + +class LocationViewSet(ReadOnlyModelViewSet): + + """A simple ViewSet for viewing and editing Locations.""" + + serializer_class = LocationSerializer + queryset = Location.objects.none() + filterset_class = LocationFilter + filter_backends = [DjangoFilterBackend] + permission_classes = (IsSuperUser, DjangoModelPermissions) + + def get_queryset(self) -> QuerySet[Location]: + """Return the queryset of Locations.""" + return Location.objects.order_by_id() + + +class LocationFindingReferenceViewSet(PrefetchDojoModelViewSet): + + """A simple ViewSet for viewing and editing LocationFindingReference.""" + + serializer_class = LocationFindingReferenceSerializer + queryset = LocationFindingReference.objects.none() + filterset_class = LocationFindingReferenceFilter + filter_backends = [DjangoFilterBackend] + permission_classes = [ + IsAuthenticated, + LocationFindingReferencePermission, + ] + + def get_queryset(self) -> QuerySet[LocationFindingReference]: + """Return the queryset of LocationFindingReferences.""" + return get_authorized_location_finding_reference(Permissions.Location_View) + + +class LocationProductReferenceViewSet(PrefetchDojoModelViewSet): + + """A simple ViewSet for viewing and editing LocationProductReference.""" + + serializer_class = LocationProductReferenceSerializer + queryset = LocationProductReference.objects.none() + filterset_class = LocationProductReferenceFilter + filter_backends = [DjangoFilterBackend] + permission_classes = [ + IsAuthenticated, + LocationProductReferencePermission, + ] + + def get_queryset(self) -> QuerySet[LocationProductReference]: + """Return the queryset of LocationProductReferences.""" + return get_authorized_location_product_reference(Permissions.Location_View) diff --git a/dojo/location/manager.py b/dojo/location/manager.py new file mode 100644 index 00000000000..e4aaa13ef37 --- /dev/null +++ b/dojo/location/manager.py @@ -0,0 +1,61 @@ + +from django.db.models import CharField, F, Value +from django.db.models.functions import Coalesce + +from dojo.base_models.base import BaseManager, BaseQuerySet + + +class LocationQueryset(BaseQuerySet): + + """Location Queryset to add chainable queries.""" + + +class LocationManager(BaseManager): + + """Location manager to manipulate all objects with.""" + + QUERY_SET_CLASS = LocationQueryset + + +class LocationProductReferenceQueryset(BaseQuerySet): + + """LocationProductReference Queryset to add chainable queries.""" + + def with_location_annotations(self): + """ + Annotate char fields from the nullable foreign key `location`. + Falls back to '' if the relation is NULL. + """ + return self.annotate( + location_type=Coalesce(F("location__location_type"), Value("", output_field=CharField())), + location_value=Coalesce(F("location__location_value"), Value("", output_field=CharField())), + ) + + +class LocationProductReferenceManager(BaseManager): + + """LocationProductReference manager to manipulate all objects with.""" + + QUERY_SET_CLASS = LocationProductReferenceQueryset + + +class LocationFindingReferenceQueryset(BaseQuerySet): + + """LocationFindingReference Queryset to add chainable queries.""" + + def with_location_annotations(self): + """ + Annotate char fields from the nullable foreign key `location`. + Falls back to '' if the relation is NULL. + """ + return self.annotate( + location_type=Coalesce(F("location__location_type"), Value("", output_field=CharField())), + location_value=Coalesce(F("location__location_value"), Value("", output_field=CharField())), + ) + + +class LocationFindingReferenceManager(BaseManager): + + """LocationFindingReference manager to manipulate all objects with.""" + + QUERY_SET_CLASS = LocationFindingReferenceQueryset diff --git a/dojo/location/models.py b/dojo/location/models.py new file mode 100644 index 00000000000..7b39c1c0a26 --- /dev/null +++ b/dojo/location/models.py @@ -0,0 +1,363 @@ +from __future__ import annotations + +from typing import TYPE_CHECKING, Self + +from auditlog.registry import auditlog +from django.db import transaction +from django.db.models import ( + CASCADE, + RESTRICT, + CharField, + DateTimeField, + ForeignKey, + Index, + OneToOneField, + Q, + QuerySet, + UniqueConstraint, +) +from django.utils.translation import gettext_lazy as _ +from tagulous.models import TagField + +from dojo.base_models.base import BaseModel, BaseModelWithoutTimeMeta +from dojo.base_models.validators import validate_not_empty +from dojo.location.manager import ( + LocationFindingReferenceManager, + LocationFindingReferenceQueryset, + LocationManager, + LocationProductReferenceManager, + LocationProductReferenceQueryset, + LocationQueryset, +) +from dojo.location.status import FindingLocationStatus, ProductLocationStatus +from dojo.models import Dojo_User, Finding, Product, _manage_inherited_tags, copy_model_util +from dojo.settings import settings + +if TYPE_CHECKING: + from datetime import datetime + + +class Location(BaseModel): + + """Internal metadata for a location. Managed automatically by subclasses.""" + + location_type = CharField( + verbose_name=_("Location type"), + max_length=12, + null=False, + blank=False, + editable=False, + validators=[validate_not_empty], + help_text=_("The type of location that is stored. This field is automatically managed"), + ) + location_value = CharField( + verbose_name=_("Location Value"), + max_length=2048, + null=False, + blank=False, + editable=False, + validators=[validate_not_empty], + help_text=_("The string representation of a given location. This field is automatically managed"), + ) + tags = TagField( + verbose_name=_("Tags"), + blank=True, + force_lowercase=True, + related_name="location_tags", + help_text=_("A tag that can be used to differentiate a Location"), + ) + inherited_tags = TagField( + blank=True, + force_lowercase=True, + help_text=_("Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field"), + ) + + objects = LocationManager().from_queryset(LocationQueryset)() + + def __str__(self): + return self.location_value + + def status_from_finding(self, finding: Finding) -> str: + """Determine the status the reference should carry based on the status of the finding""" + # Set the default status to Active to be on the safe side + status = FindingLocationStatus.Active + # First determine the status based on the finding status + finding_status = finding.status() + if any(f_status in finding_status for f_status in ["Mitigated", "Inactive", "Duplicate"]): + status = FindingLocationStatus.Mitigated + elif "False Positive" in finding_status: + status = FindingLocationStatus.FalsePositive + elif "Risk Accepted" in finding_status: + status = FindingLocationStatus.RiskAccepted + return status + + def status_from_product(self, product: Product) -> str: + """Determine the status the reference should carry based on the status of the product""" + # Set the default status to non vulnerable by default + status = ProductLocationStatus.Mitigated + # First determine the status based on the number of findings present + if self.findings.filter( + finding__test__engagement__product=product, + status=FindingLocationStatus.Active, + ).exists(): + status = ProductLocationStatus.Active + return status + + def associate_with_finding( + self, + finding: Finding, + status: FindingLocationStatus | None = None, + auditor: Dojo_User | None = None, + audit_time: datetime | None = None, + ) -> LocationFindingReference: + """ + Get or create a LocationFindingReference for this location and finding, + updating the status each time. Also associates the related product. + """ + # Determine the status + if status is None: + status = self.status_from_finding(finding) + # Setup some context aware updated fields + context_fields = {"status": status} + # Check for an auditor + if auditor is not None: + context_fields["auditor"] = auditor + # Check for an audit timestamp + if audit_time is not None: + context_fields["audit_time"] = audit_time + # Determine if we need to update + # Ensure atomicity to prevent race conditions + with transaction.atomic(): + # Associate the finding with the location + reference = LocationFindingReference.objects.update_or_create( + location=self, + finding=finding, + defaults=context_fields, + )[0] + # Now associate the product for this finding (already uses update_or_create) + self.associate_with_product(finding.test.engagement.product) + + return reference + + def associate_with_product( + self, + product: Product, + status: ProductLocationStatus | None = None, + ) -> LocationProductReference: + """ + Get or create a LocationProductReference for this location and product, + updating the status each time. + """ + if status is None: + status = self.status_from_product(product) + # Use a transaction for safety in concurrent scenarios + with transaction.atomic(): + return LocationProductReference.objects.update_or_create( + location=self, + product=product, + defaults={"status": status}, + )[0] + + def disassociate_from_finding( + self, + finding: Finding, + ) -> None: + with transaction.atomic(): + LocationFindingReference.objects.filter( + location=self, + finding=finding, + ).delete() + + def disassociate_from_product( + self, + product: Product, + ) -> None: + with transaction.atomic(): + LocationProductReference.objects.filter( + location=self, + product=product, + ).delete() + + @property + def active_annotated_findings(self): + """ + This is a hack used exclusively to generate endpoint reports where findings + are fetched from the findings rather than the findings being fetched directly. + """ + # If we prefetched refs, expose the actual Finding objects + if hasattr(self, "_active_annotated_findings"): + return [ref.finding for ref in self._active_annotated_findings] + return [] + + def all_related_products(self) -> QuerySet[Product]: + return Product.objects.filter( + Q(locations__location=self) + | Q(engagement__test__finding__locations__location=self), + ).distinct() + + def products_to_inherit_tags_from(self) -> list[Product]: + from dojo.utils import get_system_setting # noqa: PLC0415 + system_wide_inherit = get_system_setting("enable_product_tag_inheritance") + return [ + product for product + in self.all_related_products() + if product.enable_product_tag_inheritance or system_wide_inherit + ] + + def inherit_tags(self, potentially_existing_tags): + # get a copy of the tags to be inherited + incoming_inherited_tags = [tag.name for product in self.products_to_inherit_tags_from() for tag in product.tags.all()] + _manage_inherited_tags(self, incoming_inherited_tags, potentially_existing_tags=potentially_existing_tags) + + class Meta: + verbose_name = "Locations - Location" + verbose_name_plural = "Locations - Locations" + indexes = [ + Index(fields=["location_type"]), + Index(fields=["location_value"]), + ] + + +class AbstractLocation(BaseModelWithoutTimeMeta): + location = OneToOneField( + Location, + on_delete=CASCADE, + editable=False, + null=False, + related_name="%(class)s", + ) + + class Meta: + abstract = True + + @classmethod + def get_location_type(cls) -> str: + """Return the type of location (e.g., 'url').""" + msg = "Subclasses must implement get_location_type" + raise NotImplementedError(msg) + + def get_location_value(self) -> str: + """Return the string representation of this location.""" + msg = "Subclasses must implement get_location_value" + raise NotImplementedError(msg) + + @staticmethod + def create_location_from_value(value: str) -> Self: + """ + Dynamically create a Location and subclass instance based on location_type + and location_value. Uses parse_string_value from the correct subclass. + """ + msg = "Subclasses must implement create_location_from_value" + raise NotImplementedError(msg) + + def pre_save_logic(self): + """Automatically create or update the associated Location.""" + location_value = self.get_location_value() + location_type = self.get_location_type() + + if not hasattr(self, "location"): + self.location = Location.objects.create( + location_type=location_type, + location_value=location_value, + ) + else: + self.location.location_type = location_type + self.location.location_value = location_value + self.location.save(update_fields=["location_type", "location_value"]) + + +class LocationFindingReference(BaseModel): + + """Manually managed One-2-Many field to represent the relationship of a finding and a location.""" + + location = ForeignKey(Location, on_delete=CASCADE, related_name="findings") + finding = ForeignKey(Finding, on_delete=CASCADE, related_name="locations") + auditor = ForeignKey(Dojo_User, editable=True, null=True, blank=True, on_delete=RESTRICT, help_text=_("The user who audited the location")) + audit_time = DateTimeField(editable=False, null=True, blank=True, help_text=_("The time when the audit was performed")) + status = CharField( + verbose_name=_("Status"), + choices=FindingLocationStatus.choices, + max_length=16, + null=False, + blank=False, + default=FindingLocationStatus.Active, + editable=True, + validators=[validate_not_empty], + help_text=_("The status of the the given Location"), + ) + + objects = LocationFindingReferenceManager().from_queryset(LocationFindingReferenceQueryset)() + + def __str__(self) -> str: + """Return the string representation of a LocationProductReference.""" + return f"{self.location} - Finding: {self.finding} ({self.status})" + + def copy(self, finding) -> Self: + copy = copy_model_util(self) + copy.finding = finding + copy.location = self.location + copy.save() + return copy + + def set_status(self, status: FindingLocationStatus, auditor: Dojo_User, audit_time: datetime) -> None: + self.status = status + self.auditor = auditor + self.audit_time = audit_time + self.save() + + class Meta: + verbose_name = "Locations - FindingReference" + verbose_name_plural = "Locations - FindingReferences" + constraints = [ + UniqueConstraint( + fields=["location", "finding"], + name="unique_location_and_finding", + ), + ] + indexes = [ + Index(fields=["location"]), + Index(fields=["finding"]), + ] + + +class LocationProductReference(BaseModel): + + """Manually managed One-2-Many field to represent the relationship of a product and a location.""" + + location = ForeignKey(Location, on_delete=CASCADE, related_name="products") + product = ForeignKey(Product, on_delete=CASCADE, related_name="locations") + status = CharField( + verbose_name=_("Status"), + choices=ProductLocationStatus.choices, + max_length=16, + null=False, + blank=False, + default=ProductLocationStatus.Mitigated, + editable=True, + validators=[validate_not_empty], + help_text=_("The status of the the given Location"), + ) + + objects = LocationProductReferenceManager().from_queryset(LocationProductReferenceQueryset)() + + def __str__(self) -> str: + """Return the string representation of a LocationProductReference.""" + return f"{self.location} - Product: {self.product} ({self.status})" + + class Meta: + verbose_name = "Locations - ProductReference" + verbose_name_plural = "Locations - ProductReferences" + constraints = [ + UniqueConstraint( + fields=["location", "product"], + name="unique_location_and_product", + ), + ] + indexes = [ + Index(fields=["location"]), + Index(fields=["product"]), + ] + + +if settings.ENABLE_AUDITLOG: + auditlog.register(Location) diff --git a/dojo/location/queries.py b/dojo/location/queries.py new file mode 100644 index 00000000000..fae2a5b9ad8 --- /dev/null +++ b/dojo/location/queries.py @@ -0,0 +1,226 @@ +import logging + +from crum import get_current_user +from django.db.models import ( + Case, + CharField, + Count, + Exists, + F, + IntegerField, + OuterRef, + Q, + QuerySet, + Subquery, + Value, + When, +) +from django.db.models.functions import Coalesce + +from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission +from dojo.location.models import Location, LocationFindingReference, LocationProductReference +from dojo.location.status import FindingLocationStatus, ProductLocationStatus +from dojo.models import ( + Finding, + Product_Group, + Product_Member, + Product_Type_Group, + Product_Type_Member, +) +from dojo.query_utils import build_count_subquery + +logger = logging.getLogger(__name__) + + +def get_authorized_locations(permission, queryset=None, user=None): + + if user is None: + user = get_current_user() + + if user is None: + return Location.objects.none() + + locations = Location.objects.all().order_by("id") if queryset is None else queryset + + if user.is_superuser: + return locations + + if user_has_global_permission(user, permission): + return locations + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef("products__product__prod_type_id"), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef("products__product_id"), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef("products__product__prod_type_id"), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef("products__product_id"), + group__users=user, + role__in=roles) + locations = locations.annotate( + product__prod_type__member=Exists(authorized_product_type_roles), + product__member=Exists(authorized_product_roles), + product__prod_type__authorized_group=Exists(authorized_product_type_groups), + product__authorized_group=Exists(authorized_product_groups)) + return locations.filter( + Q(product__prod_type__member=True) | Q(product__member=True) + | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + + +def get_authorized_location_finding_reference(permission, queryset=None, user=None): + + if user is None: + user = get_current_user() + + if user is None: + return LocationFindingReference.objects.none() + + location_finding_reference = LocationFindingReference.objects.all().order_by("id") if queryset is None else queryset + + if user.is_superuser: + return location_finding_reference + + if user_has_global_permission(user, permission): + return location_finding_reference + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef("location__products__product__prod_type_id"), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef("location__products__product_id"), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef("location__products__product__prod_type_id"), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef("location__products__product_id"), + group__users=user, + role__in=roles) + location_finding_reference = location_finding_reference.annotate( + location__product__prod_type__member=Exists(authorized_product_type_roles), + location__product__member=Exists(authorized_product_roles), + location__product__prod_type__authorized_group=Exists(authorized_product_type_groups), + location__product__authorized_group=Exists(authorized_product_groups)) + return location_finding_reference.filter( + Q(location__product__prod_type__member=True) | Q(location__product__member=True) + | Q(location__product__prod_type__authorized_group=True) | Q(location__product__authorized_group=True)) + + +def get_authorized_location_product_reference(permission, queryset=None, user=None): + + if user is None: + user = get_current_user() + + if user is None: + return LocationProductReference.objects.none() + + location_product_reference = LocationProductReference.objects.all().order_by("id") if queryset is None else queryset + + if user.is_superuser: + return location_product_reference + + if user_has_global_permission(user, permission): + return location_product_reference + + roles = get_roles_for_permission(permission) + authorized_product_type_roles = Product_Type_Member.objects.filter( + product_type=OuterRef("product__prod_type_id"), + user=user, + role__in=roles) + authorized_product_roles = Product_Member.objects.filter( + product=OuterRef("product_id"), + user=user, + role__in=roles) + authorized_product_type_groups = Product_Type_Group.objects.filter( + product_type=OuterRef("product__prod_type_id"), + group__users=user, + role__in=roles) + authorized_product_groups = Product_Group.objects.filter( + product=OuterRef("product_id"), + group__users=user, + role__in=roles) + location_product_reference = location_product_reference.annotate( + location__product__prod_type__member=Exists(authorized_product_type_roles), + location__product__member=Exists(authorized_product_roles), + location__product__prod_type__authorized_group=Exists(authorized_product_type_groups), + location__product__authorized_group=Exists(authorized_product_groups)) + return location_product_reference.filter( + Q(location__product__prod_type__member=True) | Q(location__product__member=True) + | Q(location__product__prod_type__authorized_group=True) | Q(location__product__authorized_group=True)) + + +def annotate_location_counts_and_status(locations): + # Annotate the queryset with counts of findings + # This aggregates the total and active findings by joining LocationFindingReference. + finding_counts = ( + LocationFindingReference.objects.prefetch_related("location") + .filter(location=OuterRef("id")) + .values("location") + .annotate( + total_findings=Count("finding_id", distinct=True), + active_findings=Count( + "finding_id", + filter=Q(status=FindingLocationStatus.Active), + distinct=True, + ), + ) + .order_by("location") + ) + # Annotate the queryset with counts of products + # This aggregates the total and active products by joining LocationProductReference. + product_counts = ( + LocationProductReference.objects.prefetch_related("location") + .filter(location=OuterRef("id")) + .values("location") + .annotate( + total_products=Count("product_id", distinct=True), + active_products=Count( + "product_id", + filter=Q(status=ProductLocationStatus.Active), + distinct=True, + ), + ) + .order_by("location") + ) + # Annotate each Location with findings counts, products counts, and overall status. + return locations.prefetch_related("url").annotate( + total_findings=Coalesce(Subquery(finding_counts.values("total_findings")[:1]), Value(0), output_field=IntegerField()), + active_findings=Coalesce(Subquery(finding_counts.values("active_findings")[:1]), Value(0), output_field=IntegerField()), + total_products=Coalesce(Subquery(product_counts.values("total_products")[:1]), Value(0), output_field=IntegerField()), + active_products=Coalesce(Subquery(product_counts.values("active_products")[:1]), Value(0), output_field=IntegerField()), + mitigated_findings=F("total_findings") - F("active_findings"), + overall_status=Case( + When( + Q(active_products__gt=0) | Q(active_findings__gt=0), + then=Value(ProductLocationStatus.Active), + ), + default=Value(ProductLocationStatus.Mitigated), + output_field=CharField(), + ), + ) + + +def prefetch_for_locations(locations): + if isinstance(locations, QuerySet): + locations = locations.prefetch_related("tags") + active_finding_subquery = build_count_subquery( + Finding.objects.filter(locations=OuterRef("pk"), active=True), + group_field="locations", + ) + locations = locations.annotate(active_finding_count=Coalesce(active_finding_subquery, Value(0))) + else: + logger.debug("unable to prefetch because query was already executed") + + return locations diff --git a/dojo/location/status.py b/dojo/location/status.py new file mode 100644 index 00000000000..18ccd602df1 --- /dev/null +++ b/dojo/location/status.py @@ -0,0 +1,25 @@ +from __future__ import annotations + +from django.db.models import ( + TextChoices, +) +from django.utils.translation import gettext_lazy as _ + + +class FindingLocationStatus(TextChoices): + + """Types of supported Location Statuses.""" + + Active = "Active", _("Active") + Mitigated = "Mitigated", _("Mitigated") + FalsePositive = "FalsePositive", _("False Positive") + RiskAccepted = "RiskAccepted", _("Risk Accepted") + OutOfScope = "OutOfScope", _("Out Of Scope") + + +class ProductLocationStatus(TextChoices): + + """Types of supported Location Statuses.""" + + Active = "Active", _("Active") + Mitigated = "Mitigated", _("Mitigated") diff --git a/dojo/location/utils.py b/dojo/location/utils.py new file mode 100644 index 00000000000..5cf3df25d1e --- /dev/null +++ b/dojo/location/utils.py @@ -0,0 +1,86 @@ +import logging + +from django.core.exceptions import ValidationError +from django.db.models import Q + +from dojo.location.models import AbstractLocation +from dojo.url.models import URL +from dojo.url.validators import DEFAULT_PORTS + +logger = logging.getLogger(__name__) + + +def save_location(unsaved_location: AbstractLocation) -> AbstractLocation: + # Only support URLs at this time + if isinstance(unsaved_location, URL): + return URL.get_or_create_from_object(unsaved_location) + error_message = f"Unsupported location type {type(unsaved_location)}" + raise ValidationError(error_message) + + +def save_locations_to_add(locations_to_add: list[AbstractLocation]) -> list[AbstractLocation]: + return [save_location(unsaved_location) for unsaved_location in locations_to_add] + + +def validate_locations_to_add(locations_to_add: str) -> tuple[list[AbstractLocation], list[ValidationError]]: + errors = [] + locations = [] + location_strings = locations_to_add.split() + # For now, we only support URL location types + for location_string in location_strings: + try: + locations.append(URL.from_value(location_string)) + except ValidationError as ves: + errors.extend(ValidationError(f"Invalid location {location_string}: {ve}") for ve in ves) + + return locations, errors + + +# This code blatantly rips off dojo.endpoint.utils.endpoint_filter() +def url_filter(**kwargs): + qs = URL.objects.all() + + qs = qs.filter(protocol__iexact=kwargs["protocol"]) if kwargs.get("protocol") else qs.filter(protocol="") + + qs = qs.filter(user_info__exact=kwargs["user_info"]) if kwargs.get("user_info") else qs.filter(user_info="") + + qs = qs.filter(host__iexact=kwargs["host"]) if kwargs.get("host") else qs.filter(host="") + + if kwargs.get("port"): + if (kwargs.get("protocol")) and \ + (kwargs["protocol"].lower() in DEFAULT_PORTS) and \ + (DEFAULT_PORTS[kwargs["protocol"].lower()] == kwargs["port"]): + qs = qs.filter(Q(port__isnull=True) | Q(port__exact=DEFAULT_PORTS[kwargs["protocol"].lower()])) + else: + qs = qs.filter(port__exact=kwargs["port"]) + elif (kwargs.get("protocol")) and (kwargs["protocol"].lower() in DEFAULT_PORTS): + qs = qs.filter(Q(port__isnull=True) | Q(port__exact=DEFAULT_PORTS[kwargs["protocol"].lower()])) + else: + qs = qs.filter(port__isnull=True) + + qs = qs.filter(path__exact=kwargs["path"]) if kwargs.get("path") else qs.filter(path="") + + qs = qs.filter(query__exact=kwargs["query"]) if kwargs.get("query") else qs.filter(query="") + + return qs.filter(fragment__exact=kwargs["fragment"]) if kwargs.get("fragment") else qs.filter(fragment="") + + +# This code blatantly rips off dojo.endpoint.utils.endpoint_get_or_create() +def url_get_or_create(**kwargs): + # This code looks a bit ugly/complicated. + # But this method is called so frequently that we need to optimize it. + # It executes at most one SELECT and one optional INSERT. + qs = url_filter(**kwargs) + # Fetch up to two matches in a single round-trip. This covers + # the common cases efficiently: zero (create) or one (reuse). + matches = list(qs.order_by("id")[:2]) + if not matches: + # Most common case: nothing exists yet + return URL.get_or_create_from_values(**kwargs), True + if len(matches) == 1: + # Common case: exactly one existing URL + return matches[0], False + # Get the oldest URL first, and return that instead + # a datetime is not captured on the URL model, so ID + # will have to work here instead + return matches[0], False diff --git a/dojo/management/commands/dedupe.py b/dojo/management/commands/dedupe.py index 3eddccdc45d..a4cbee519a6 100644 --- a/dojo/management/commands/dedupe.py +++ b/dojo/management/commands/dedupe.py @@ -8,8 +8,8 @@ from dojo.finding.deduplication import ( dedupe_batch_of_findings, do_dedupe_batch_task, - do_dedupe_finding, do_dedupe_finding_task, + do_dedupe_finding_task_internal, get_finding_models_for_deduplication, ) from dojo.models import Finding, Product @@ -89,16 +89,29 @@ def _run_dedupe(self, *, restrict_to_parsers, hash_code_only, dedupe_only, dedup findings = Finding.objects.all().filter(id__gt=0).exclude(duplicate=True) logger.info("######## Will process the full database with %d findings ########", findings.count()) - # Prefetch related objects for synchronous deduplication - findings = findings.select_related( - "test", "test__engagement", "test__engagement__product", "test__test_type", - ).prefetch_related( - "endpoints", - Prefetch( - "original_finding", - queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), - ), - ) + if settings.V3_FEATURE_LOCATIONS: + # Prefetch related objects for synchronous deduplication + findings = findings.select_related( + "test", "test__engagement", "test__engagement__product", "test__test_type", + ).prefetch_related( + "locations", + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ) + else: + # TODO: Delete this after the move to Locations + # Prefetch related objects for synchronous deduplication + findings = findings.select_related( + "test", "test__engagement", "test__engagement__product", "test__test_type", + ).prefetch_related( + "endpoints", + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ) # Phase 1: update hash_codes without deduplicating if not dedupe_only: @@ -115,7 +128,7 @@ def _run_dedupe(self, *, restrict_to_parsers, hash_code_only, dedupe_only, dedup if dedupe_batch_mode: self._dedupe_batch_mode(findings, dedupe_sync=dedupe_sync) elif dedupe_sync: - mass_model_updater(Finding, findings, do_dedupe_finding, fields=None, order="desc", page_size=100, log_prefix="deduplicating ") + mass_model_updater(Finding, findings, do_dedupe_finding_task_internal, fields=None, order="desc", page_size=100, log_prefix="deduplicating ") else: # async tasks only need the id mass_model_updater(Finding, findings.only("id"), lambda f: do_dedupe_finding_task(f.id), fields=None, order="desc", log_prefix="deduplicating ") @@ -125,7 +138,7 @@ def _run_dedupe(self, *, restrict_to_parsers, hash_code_only, dedupe_only, dedup # in async mode the background task that grades products every hour will pick it up logger.debug("Updating grades for products...") for product in Product.objects.all(): - calculate_grade(product) + calculate_grade(product.id) logger.info("######## Done deduplicating (%s) ########", ("foreground" if dedupe_sync else "tasks submitted to celery")) else: diff --git a/dojo/management/commands/migrate_endpoints_to_locations.py b/dojo/management/commands/migrate_endpoints_to_locations.py new file mode 100644 index 00000000000..d30fa121d3b --- /dev/null +++ b/dojo/management/commands/migrate_endpoints_to_locations.py @@ -0,0 +1,97 @@ +import datetime +import logging + +from django.core.management.base import BaseCommand +from django.utils import timezone + +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus +from dojo.models import DojoMeta, Endpoint, Endpoint_Status +from dojo.url.models import URL + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + + """ + This management command creates a mapping from Endpoints and Endpoint Statuses to a new Locations system. + The following occurs: + - Endpoints -> URL (which will create a Location) + - Products on Endpoint -> LocationProductReference + - Findings on Endpoints -> LocationProductReference + """ + + help = "Usage: manage.py migrate_endpoints_to_locations" + + def _endpoint_to_url(self, endpoint: Endpoint) -> Location: + # Create the raw URL object first + # This should create the location object as well + url = URL.get_or_create_from_values( + protocol=endpoint.protocol, + user_info=endpoint.userinfo, + host=endpoint.host, + port=endpoint.port, + path=endpoint.path, + query=endpoint.query, + fragment=endpoint.fragment, + ) + # Add the endpoint tags to the location tags + if endpoint.tags: + [url.location.tags.add(tag) for tag in set(endpoint.tags.values_list("name", flat=True))] + # Add any metadata from the endpoint to the location + for meta in endpoint.endpoint_meta.all(): + DojoMeta.objects.get_or_create( + name=meta.name, + value=meta.value, + location=url.location, + ) + + return url.location + + def _convert_endpoint_status_to_string_status(self, endpoint_status: Endpoint_Status) -> str: + """ + Start the conversion with the "special" statuses first since we are moving to a model + of having a single status possible rather than a combo of many + """ + if endpoint_status.risk_accepted: + return FindingLocationStatus.RiskAccepted + if endpoint_status.false_positive: + return FindingLocationStatus.FalsePositive + if endpoint_status.out_of_scope: + return FindingLocationStatus.OutOfScope + if endpoint_status.mitigated: + return FindingLocationStatus.Mitigated + # Default to Active + return FindingLocationStatus.Active + + def _associate_location_with_findings(self, endpoint: Endpoint, location: Location) -> None: + # Determine if we can associate from the finding, or if have to use the product (for cases of zero findings on an endpoint) + if endpoint.status_endpoint.exists(): + # Iterate over each endpoint status to get the status and the finding object + for endpoint_status in endpoint.status_endpoint.all(): + if finding := endpoint_status.finding: + # Determine the status of the location based on the status of the endpoint status + status = self._convert_endpoint_status_to_string_status(endpoint_status) + # Create the association (which will also associate with the product) + reference = location.associate_with_finding( + finding=finding, + status=status, + auditor=endpoint_status.mitigated_by, + audit_time=endpoint_status.mitigated_time or endpoint_status.last_modified, + ) + # Update the created date from the endpoint status date + reference.created = timezone.make_aware(datetime.datetime(endpoint_status.date.year, endpoint_status.date.month, endpoint_status.date.day)) + reference.save(update_fields=["created"]) + # If there are no findings, we can at least associate with the product if it exists + elif product := endpoint.product: + location.associate_with_product(product) + + def handle(self, *args, **options): + # Start off with the endpoint objects - it should everything we need + for endpoint in Endpoint.objects.all().iterator(): + # Get the URL object first + location = self._endpoint_to_url(endpoint) + # Associate the URL with the findings associated with the Findings + # the association to a finding will also apply to a product automatically + self._associate_location_with_findings(endpoint, location) diff --git a/dojo/management/commands/pghistory_backfill.py b/dojo/management/commands/pghistory_backfill.py index 751799831a2..9c25017c598 100644 --- a/dojo/management/commands/pghistory_backfill.py +++ b/dojo/management/commands/pghistory_backfill.py @@ -156,6 +156,19 @@ def handle(self, *args, **options): "Product_Type", "Product", "Test", "Risk_Acceptance", "Finding_Template", "Cred_User", "Notification_Webhooks", "FindingReviewers", # M2M through table for Finding.reviewers + # Tag through tables (tagulous auto-generated) + "FindingTags", + "FindingInheritedTags", + "ProductTags", + "EngagementTags", + "EngagementInheritedTags", + "TestTags", + "TestInheritedTags", + "EndpointTags", + "EndpointInheritedTags", + "FindingTemplateTags", + "AppAnalysisTags", + "ObjectsProductTags", ] specific_model = options.get("model") diff --git a/dojo/management/commands/pghistory_backfill_simple.py b/dojo/management/commands/pghistory_backfill_simple.py index ebc4d452473..dd4d08f1008 100644 --- a/dojo/management/commands/pghistory_backfill_simple.py +++ b/dojo/management/commands/pghistory_backfill_simple.py @@ -47,6 +47,20 @@ def handle(self, *args, **options): "Finding_Template", "Cred_User", "Notification_Webhooks", + "FindingReviewers", # M2M through table for Finding.reviewers + # Tag through tables (tagulous auto-generated) + "FindingTags", + "FindingInheritedTags", + "ProductTags", + "EngagementTags", + "EngagementInheritedTags", + "TestTags", + "TestInheritedTags", + "EndpointTags", + "EndpointInheritedTags", + "FindingTemplateTags", + "AppAnalysisTags", + "ObjectsProductTags", ] if specific_models: diff --git a/dojo/management/commands/test_celery_decorator.py b/dojo/management/commands/test_celery_decorator.py index ed9488541fa..16ccef02b39 100644 --- a/dojo/management/commands/test_celery_decorator.py +++ b/dojo/management/commands/test_celery_decorator.py @@ -7,7 +7,6 @@ from dojo.celery import app # from dojo.utils import get_system_setting, do_dedupe_finding, dojo_async_task -from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id from dojo.models import Finding, Notes from dojo.utils import test_valentijn @@ -81,16 +80,3 @@ def wrapper(*args, **kwargs): @my_decorator_inside def my_test_task(new_finding, *args, **kwargs): logger.debug("oh la la what a nice task") - - -# example working with multiple parameters... -@dojo_model_to_id(parameter=1) -@dojo_model_to_id -@dojo_async_task -@app.task -@dojo_model_from_id(model=Notes, parameter=1) -@dojo_model_from_id -def test_valentijn_task(new_finding, note, **kwargs): - logger.debug("test_valentijn:") - logger.debug(new_finding) - logger.debug(note) diff --git a/dojo/metrics/utils.py b/dojo/metrics/utils.py index 3c7750e5130..ec73ff60762 100644 --- a/dojo/metrics/utils.py +++ b/dojo/metrics/utils.py @@ -17,7 +17,7 @@ from django.utils.translation import gettext as _ from dojo.authorization.roles_permissions import Permissions -from dojo.endpoint.queries import get_authorized_endpoint_status +from dojo.endpoint.queries import get_authorized_endpoint_status_for_queryset from dojo.filters import ( MetricsEndpointFilter, MetricsEndpointFilterWithoutObjectLookups, @@ -169,6 +169,7 @@ def finding_queries( } +# TODO: Delete this after the move to Locations def endpoint_queries( prod_type: QuerySet[Product_Type], request: HttpRequest, @@ -184,7 +185,7 @@ def endpoint_queries( "finding__reporter", ) - endpoints_query = get_authorized_endpoint_status(Permissions.Endpoint_View, endpoints_query, request.user) + endpoints_query = get_authorized_endpoint_status_for_queryset(Permissions.Location_View, endpoints_query, request.user) filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = MetricsEndpointFilterWithoutObjectLookups if filter_string_matching else MetricsEndpointFilter endpoints = filter_class(request.GET, queryset=endpoints_query) @@ -230,8 +231,8 @@ def endpoint_queries( "finding__test__engagement__product", ) - endpoints_closed = get_authorized_endpoint_status(Permissions.Endpoint_View, endpoints_closed, request.user) - accepted_endpoints = get_authorized_endpoint_status(Permissions.Endpoint_View, accepted_endpoints, request.user) + endpoints_closed = get_authorized_endpoint_status_for_queryset(Permissions.Location_View, endpoints_closed, request.user) + accepted_endpoints = get_authorized_endpoint_status_for_queryset(Permissions.Location_View, accepted_endpoints, request.user) accepted_endpoints_counts = severity_count(accepted_endpoints, "aggregate", "finding__severity") weeks_between, months_between = period_deltas(start_date, end_date) diff --git a/dojo/metrics/views.py b/dojo/metrics/views.py index 88788660b1c..99c0aea617f 100644 --- a/dojo/metrics/views.py +++ b/dojo/metrics/views.py @@ -100,6 +100,7 @@ def metrics(request, mtype): if view == "Finding": page_name = str(labels.ORG_METRICS_BY_FINDINGS_LABEL) filters = finding_queries(prod_type, request) + # TODO: Delete this after the move to Locations elif view == "Endpoint": page_name = str(labels.ORG_METRICS_BY_ENDPOINTS_LABEL) filters = endpoint_queries(prod_type, request) diff --git a/dojo/models.py b/dojo/models.py index 7ab85e710d9..2281a2bfac8 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -1,4 +1,5 @@ import base64 +import contextlib import copy import hashlib import logging @@ -8,6 +9,7 @@ from datetime import datetime, timedelta from decimal import Decimal from pathlib import Path +from typing import TYPE_CHECKING from urllib.parse import urlparse from uuid import uuid4 @@ -44,8 +46,12 @@ from tagulous.models.managers import FakeTagRelatedManager from titlecase import titlecase +from dojo.base_models.base import BaseModel from dojo.validators import cvss3_validator, cvss4_validator +if TYPE_CHECKING: + from dojo.location.models import AbstractLocation + logger = logging.getLogger(__name__) deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") @@ -831,7 +837,7 @@ def clean(self): raise ValidationError(msg) -class Product_Type(models.Model): +class Product_Type(BaseModel): """ Product types represent the top level model, these can be business unit divisions, different offices or locations, development teams, or any other logical way of distinguishing "types" of products. @@ -847,8 +853,6 @@ class Product_Type(models.Model): description = models.CharField(max_length=4000, null=True, blank=True) critical_product = models.BooleanField(default=False) key_product = models.BooleanField(default=False) - updated = models.DateTimeField(auto_now=True, null=True) - created = models.DateTimeField(auto_now_add=True, null=True) members = models.ManyToManyField(Dojo_User, through="Product_Type_Member", related_name="prod_type_members", blank=True) authorization_groups = models.ManyToManyField(Dojo_Group, through="Product_Type_Group", related_name="product_type_groups", blank=True) @@ -955,11 +959,17 @@ class DojoMeta(models.Model): null=True, editable=False, related_name="finding_meta") + location = models.ForeignKey("Location", + on_delete=models.CASCADE, + null=True, + editable=False, + related_name="location_meta") class Meta: unique_together = (("product", "name"), ("endpoint", "name"), - ("finding", "name")) + ("finding", "name"), + ("location", "name")) def __str__(self): return f"{self.name}: {self.value}" @@ -971,7 +981,8 @@ def clean(self): ids = [self.product_id, self.endpoint_id, - self.finding_id] + self.finding_id, + self.location_id] ids_count = 0 for obj_id in ids: @@ -979,10 +990,10 @@ def clean(self): ids_count += 1 if ids_count == 0: - msg = "Metadata entries need either a product, an endpoint or a finding" + msg = "Metadata entries need either a product, endpoint, location or a finding" raise ValidationError(msg) if ids_count > 1: - msg = "Metadata entries may not have more than one relation, either a product, an endpoint either or a finding" + msg = "Metadata entries may not have more than one relation, either a product, endpoint, location or a finding" raise ValidationError(msg) @@ -1104,7 +1115,7 @@ def get_summary(self): return f"{self.name} - Critical: {self.critical}, High: {self.high}, Medium: {self.medium}, Low: {self.low}" -class Product(models.Model): +class Product(BaseModel): WEB_PLATFORM = "web" IOT = "iot" DESKTOP_PLATFORM = "desktop" @@ -1167,10 +1178,8 @@ class Product(models.Model): team_manager = models.ForeignKey(Dojo_User, null=True, blank=True, related_name="team_manager", on_delete=models.RESTRICT) - created = models.DateTimeField(auto_now_add=True, null=True) prod_type = models.ForeignKey(Product_Type, related_name="prod_type", null=False, blank=False, on_delete=models.CASCADE) - updated = models.DateTimeField(auto_now=True, null=True) sla_configuration = models.ForeignKey(SLA_Configuration, related_name="sla_config", null=False, @@ -1271,6 +1280,7 @@ def findings_active_verified_count(self): test__engagement__product=self).count() return self.active_verified_finding_count + # TODO: Delete this after the move to Locations @cached_property def endpoint_host_count(self): # active_endpoints is (should be) prefetched @@ -1284,6 +1294,7 @@ def endpoint_host_count(self): return len(hosts) + # TODO: Delete this after the move to Locations @cached_property def endpoint_count(self): # active_endpoints is (should be) prefetched @@ -1498,7 +1509,7 @@ def __str__(self): ("Waiting for Resource", "Waiting for Resource")) -class Engagement(models.Model): +class Engagement(BaseModel): name = models.CharField(max_length=300, null=True, blank=True) description = models.CharField(max_length=2000, null=True, blank=True) version = models.CharField(max_length=100, null=True, blank=True, help_text=_("Version of the product the engagement tested.")) @@ -1511,8 +1522,6 @@ class Engagement(models.Model): reason = models.CharField(max_length=2000, null=True, blank=True) report_type = models.ForeignKey(Report_Type, null=True, blank=True, on_delete=models.CASCADE) product = models.ForeignKey(Product, on_delete=models.CASCADE) - updated = models.DateTimeField(auto_now=True, null=True) - created = models.DateTimeField(auto_now_add=True, null=True) active = models.BooleanField(default=True, editable=False) tracker = models.URLField(max_length=200, help_text=_("Link to epic or ticket system with changes to version."), editable=True, blank=True, null=True) test_strategy = models.URLField(editable=True, blank=True, null=True) @@ -1522,7 +1531,7 @@ class Engagement(models.Model): check_list = models.BooleanField(default=True) notes = models.ManyToManyField(Notes, blank=True, editable=False) files = models.ManyToManyField(FileUpload, blank=True, editable=False) - status = models.CharField(editable=True, max_length=2000, default="", + status = models.CharField(editable=True, max_length=2000, default="Not Started", null=True, choices=ENGAGEMENT_STATUS_CHOICES) progress = models.CharField(max_length=100, @@ -1694,7 +1703,8 @@ class Meta: ] def __str__(self): - return f"'{self.finding}' on '{self.endpoint}'" + with Endpoint.allow_endpoint_init(): # TODO: Delete this after the move to Locations + return f"'{self.finding}' on '{self.endpoint}'" def copy(self, finding=None): copy = copy_model_util(self) @@ -1755,6 +1765,12 @@ class Meta: ), ] + def __init__(self, *args, **kwargs): + if settings.V3_FEATURE_LOCATIONS and not getattr(self, "_allow_v3_init", False): + msg = "Endpoint model is deprecated when V3_FEATURE_LOCATIONS is enabled" + raise NotImplementedError(msg) + super().__init__(*args, **kwargs) + def __hash__(self): return self.__str__().__hash__() @@ -1826,6 +1842,21 @@ def __str__(self): def get_absolute_url(self): return reverse("view_endpoint", args=[str(self.id)]) + @classmethod + @contextlib.contextmanager + def allow_endpoint_init(cls): + # When migrating to Locations, Endpoints are not deleted (hooray backup!). Disallowing the initialization of + # Endpoints is a good way to catch where they might still be used (oops!). However, there are some circumstances + # -- object deletes -- where Django itself attempts to instantiate an Endpoint object. This, we need to allow: + # if a user wants to delete an object, including whatever Endpoints are attached to it, they should be able to. + # This context manager allows code to initialize Endpoints at our discretion. + old = getattr(cls, "_allow_v3_init", None) + cls._allow_v3_init = True + try: + yield + finally: + cls._allow_v3_init = old + def clean(self): errors = [] null_char_list = ["0x00", "\x00"] @@ -2339,7 +2370,7 @@ def __str__(self): return f"{self.finding.id}: {self.action}" -class Finding(models.Model): +class Finding(BaseModel): title = models.CharField(max_length=511, verbose_name=_("Title"), help_text=_("A short description of the flaw.")) @@ -2439,6 +2470,7 @@ class Finding(models.Model): blank=True, verbose_name=_("Severity Justification"), help_text=_("Text describing why a certain severity was associated with this flaw.")) + # TODO: Delete this after the move to Locations endpoints = models.ManyToManyField(Endpoint, blank=True, verbose_name=_("Endpoints"), @@ -2609,10 +2641,6 @@ class Finding(models.Model): dynamic_finding = models.BooleanField(default=True, verbose_name=_("Dynamic finding (DAST)"), help_text=_("Flaw has been detected from a Dynamic Application Security Testing tool (DAST).")) - created = models.DateTimeField(auto_now_add=True, - null=True, - verbose_name=_("Created"), - help_text=_("The date the finding was created inside DefectDojo.")) scanner_confidence = models.IntegerField(null=True, blank=True, default=None, @@ -2738,7 +2766,11 @@ class Meta: def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.unsaved_endpoints = [] + if settings.V3_FEATURE_LOCATIONS: + self.unsaved_locations: list[AbstractLocation] = [] + else: + # TODO: Delete this after the move to Locations + self.unsaved_endpoints = [] self.unsaved_request = None self.unsaved_response = None self.unsaved_tags = None @@ -2799,7 +2831,14 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru self.set_hash_code(dedupe_option) if is_new_finding: - if (self.file_path is not None) and (len(self.unsaved_endpoints) == 0): + if settings.V3_FEATURE_LOCATIONS: + if (self.file_path is not None) and (len(self.unsaved_locations) == 0): + self.static_finding = True + self.dynamic_finding = False + elif (self.file_path is not None): + self.static_finding = True + # TODO: Delete this after the move to Locations + elif (self.file_path is not None) and (len(self.unsaved_endpoints) == 0): self.static_finding = True self.dynamic_finding = False elif (self.file_path is not None): @@ -2810,18 +2849,27 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru finding_helper.update_finding_status(self, user, changed_fields={"id": (None, None)}) # logger.debug('setting static / dynamic in save') - # need to have an id/pk before we can access endpoints - elif (self.file_path is not None) and (self.endpoints.count() == 0): - self.static_finding = True - self.dynamic_finding = False - elif (self.file_path is not None): - self.static_finding = True + # need to have an id/pk before we can access locations/endpoints + elif self.file_path is not None: + if settings.V3_FEATURE_LOCATIONS: + if not self.locations.exists(): + self.static_finding = True + self.dynamic_finding = False + else: + self.static_finding = True + # TODO: Delete this after the move to Locations + elif not self.endpoints.exists(): + self.static_finding = True + self.dynamic_finding = False + else: + self.static_finding = True # update the SLA expiration date last, after all other finding fields have been updated self.set_sla_expiration_date() logger.debug("Saving finding of id " + str(self.id) + " dedupe_option:" + str(dedupe_option) + " (self.pk is %s)", "None" if self.pk is None else "not None") - super().save(*args, **kwargs) + # We cannot run the full_clean method here without issue, so we specify skip_validation + super().save(*args, **kwargs, skip_validation=True) # Only add to found_by for newly-created findings (avoid doing this on every update) if is_new_finding: @@ -2830,7 +2878,7 @@ def save(self, dedupe_option=True, rules_option=True, product_grading_option=Tru # only perform post processing (in celery task) if needed. this check avoids submitting 1000s of tasks to celery that will do nothing system_settings = System_Settings.objects.get() if dedupe_option or issue_updater_option or (product_grading_option and system_settings.enable_product_grade) or push_to_jira: - finding_helper.post_process_finding_save(self, dedupe_option=dedupe_option, rules_option=rules_option, product_grading_option=product_grading_option, + finding_helper.post_process_finding_save(self.id, dedupe_option=dedupe_option, rules_option=rules_option, product_grading_option=product_grading_option, issue_updater_option=issue_updater_option, push_to_jira=push_to_jira, user=user, *args, **kwargs) else: logger.debug("no options selected that require finding post processing") @@ -2843,7 +2891,6 @@ def copy(self, test=None): # Save the necessary ManyToMany relationships old_notes = list(self.notes.all()) old_files = list(self.files.all()) - old_status_findings = list(self.status_finding.all()) old_reviewers = list(self.reviewers.all()) old_found_by = list(self.found_by.all()) old_tags = list(self.tags.all()) @@ -2858,9 +2905,16 @@ def copy(self, test=None): # Copy the files for files in old_files: copy.files.add(files.copy()) - # Copy the endpoint_status - for endpoint_status in old_status_findings: - endpoint_status.copy(finding=copy) # adding or setting is not necessary, link is created by Endpoint_Status.copy() + if settings.V3_FEATURE_LOCATIONS: + old_location_refs = self.locations.all() + for location_ref in old_location_refs: + location_ref.copy(copy) + else: + # TODO: Delete this after the move to Locations + # Copy the endpoint_status + old_status_findings = list(self.status_finding.all()) + for endpoint_status in old_status_findings: + endpoint_status.copy(finding=copy) # adding or setting is not necessary, link is created by Endpoint_Status.copy() # Assign any reviewers copy.reviewers.set(old_reviewers) # Assign any found_by @@ -2938,11 +2992,12 @@ def compute_hash_code(self): fields_to_hash = "" for hashcodeField in hash_code_fields: + # Note: preserve this field label ("endpoints") for settings purposes through the Locations migration if hashcodeField == "endpoints": - # For endpoints, need to compute the field - myEndpoints = self.get_endpoints() - fields_to_hash += myEndpoints - deduplicationLogger.debug(hashcodeField + " : " + myEndpoints) + # For locations/endpoints, need to compute the field + locations = self.get_locations() + fields_to_hash += locations + deduplicationLogger.debug(hashcodeField + " : " + locations) elif hashcodeField == "vulnerability_ids": # For vulnerability_ids, need to compute the field my_vulnerability_ids = self.get_vulnerability_ids() @@ -2992,33 +3047,59 @@ def _get_saved_vulnerability_ids(finding) -> str: return _get_saved_vulnerability_ids(self) or _get_unsaved_vulnerability_ids(self) - # Get endpoints to use for hash_code computation - # (This sometimes reports "None") - def get_endpoints(self): - - def _get_unsaved_endpoints(finding) -> str: - if len(finding.unsaved_endpoints) > 0: - deduplicationLogger.debug("get_endpoints before the finding was saved") - # convert list of unsaved endpoints to the list of their canonical representation - endpoint_str_list = [str(endpoint) for endpoint in finding.unsaved_endpoints] - # deduplicate (usually done upon saving finding) and sort endpoints - return "".join(dict.fromkeys(endpoint_str_list)) + # Get locations/endpoints to use for hash_code computation + def get_locations(self): + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + # Get endpoints to use for hash_code computation + # (This sometimes reports "None") + def _get_unsaved_endpoints(finding) -> str: + if len(finding.unsaved_endpoints) > 0: + deduplicationLogger.debug("get_endpoints before the finding was saved") + # convert list of unsaved endpoints to the list of their canonical representation + endpoint_str_list = [str(endpoint) for endpoint in finding.unsaved_endpoints] + # deduplicate (usually done upon saving finding) and sort endpoints + return "".join(dict.fromkeys(endpoint_str_list)) + # we can get here when the parser defines static_finding=True but leaves dynamic_finding defaulted + # In this case, before saving the finding, both static_finding and dynamic_finding are True + # After saving dynamic_finding may be set to False probably during the saving process (observed on Bandit scan before forcing dynamic_finding=False at parser level) + deduplicationLogger.debug("trying to get endpoints on a finding before it was saved but no endpoints found (static parser wrongly identified as dynamic?") + return "" + + def _get_saved_endpoints(finding) -> str: + if finding.id is not None: + deduplicationLogger.debug("get_endpoints: after the finding was saved. Endpoints count: " + str(finding.endpoints.count())) + # convert list of endpoints to the list of their canonical representation + endpoint_str_list = [str(endpoint) for endpoint in finding.endpoints.all()] + # sort endpoints strings + return "".join(sorted(endpoint_str_list)) + return "" + + return _get_saved_endpoints(self) or _get_unsaved_endpoints(self) + + def _get_unsaved_locations(finding) -> str: + if len(finding.unsaved_locations) > 0: + deduplicationLogger.debug("get_locations before the finding was saved") + # convert list of unsaved locations to the list of their canonical representation + # deduplicate (usually done upon saving finding) and sort locations + locations = sorted({location.get_location_value() for location in finding.unsaved_locations}) + return "".join(locations) # we can get here when the parser defines static_finding=True but leaves dynamic_finding defaulted # In this case, before saving the finding, both static_finding and dynamic_finding are True # After saving dynamic_finding may be set to False probably during the saving process (observed on Bandit scan before forcing dynamic_finding=False at parser level) - deduplicationLogger.debug("trying to get endpoints on a finding before it was saved but no endpoints found (static parser wrongly identified as dynamic?") + deduplicationLogger.debug("trying to get locations on a finding before it was saved but no locations found (static parser wrongly identified as dynamic?") return "" - def _get_saved_endpoints(finding) -> str: + def _get_saved_locations(finding) -> str: if finding.id is not None: - deduplicationLogger.debug("get_endpoints: after the finding was saved. Endpoints count: " + str(finding.endpoints.count())) - # convert list of endpoints to the list of their canonical representation - endpoint_str_list = [str(endpoint) for endpoint in finding.endpoints.all()] - # sort endpoints strings - return "".join(sorted(endpoint_str_list)) + deduplicationLogger.debug("get_locations: after the finding was saved. Locations count: " + str(finding.locations.count())) + # convert list of locations to the list of their canonical representation + locations = sorted({location_ref.location.get_location_value() for location_ref in finding.locations.all()}) + # sort locations strings + return "".join(sorted(locations)) return "" - return _get_saved_endpoints(self) or _get_unsaved_endpoints(self) + return _get_saved_locations(self) or _get_unsaved_locations(self) # Compute the hash_code from the fields to hash def hash_fields(self, fields_to_hash): @@ -3501,6 +3582,7 @@ def set_hash_code(self, dedupe_option): class FindingAdmin(admin.ModelAdmin): + # TODO: Delete this after the move to Locations # For efficiency with large databases, display many-to-many fields with raw # IDs rather than multi-select raw_id_fields = ( diff --git a/dojo/product/helpers.py b/dojo/product/helpers.py index aeadec0246d..8247cad4fa8 100644 --- a/dojo/product/helpers.py +++ b/dojo/product/helpers.py @@ -1,8 +1,12 @@ import contextlib import logging +from django.conf import settings +from django.db.models import Q + from dojo.celery import app from dojo.decorators import dojo_async_task +from dojo.location.models import Location from dojo.models import Endpoint, Engagement, Finding, Product, Test logger = logging.getLogger(__name__) @@ -26,9 +30,22 @@ def propagate_tags_on_product_sync(product): # findings logger.debug("Propagating tags from %s to all findings", product) propagate_tags_on_object_list(Finding.objects.filter(test__engagement__product=product)) - # endpoints - logger.debug("Propagating tags from %s to all endpoints", product) - propagate_tags_on_object_list(Endpoint.objects.filter(product=product)) + if settings.V3_FEATURE_LOCATIONS: + # Locations + logger.debug("Propagating tags from %s to all locations", product) + propagate_tags_on_object_list( + Location.objects.filter( + # Locations linked directly to a product via LocationProductReference + Q(products__product=product) + # Locations linked indirectly to a product via LocationFindingReference + | Q(findings__finding__test__engagement__product=product), + ).distinct(), + ) + else: + # TODO: Delete this after the move to Locations + # endpoints + logger.debug("Propagating tags from %s to all endpoints", product) + propagate_tags_on_object_list(Endpoint.objects.filter(product=product)) def propagate_tags_on_object_list(object_list): diff --git a/dojo/product/queries.py b/dojo/product/queries.py index 69532212a59..1b5efffef8c 100644 --- a/dojo/product/queries.py +++ b/dojo/product/queries.py @@ -1,5 +1,5 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import ( get_roles_for_permission, @@ -22,8 +22,11 @@ Product_Type_Group, Product_Type_Member, ) +from dojo.request_cache import cache_for_request +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_products(permission, user=None): if user is None: @@ -39,30 +42,31 @@ def get_authorized_products(permission, user=None): return Product.objects.all().order_by("name") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("pk"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("pk"), - group__users=user, - role__in=roles) - products = Product.objects.annotate( - prod_type__member=Exists(authorized_product_type_roles), - member=Exists(authorized_product_roles), - prod_type__authorized_group=Exists(authorized_product_type_groups), - authorized_group=Exists(authorized_product_groups)).order_by("name") - return products.filter( - Q(prod_type__member=True) | Q(member=True) - | Q(prod_type__authorized_group=True) | Q(authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return Product.objects.filter( + Q(prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(pk__in=Subquery(authorized_product_roles)) + | Q(prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(pk__in=Subquery(authorized_product_groups)), + ).order_by("name") def get_authorized_members_for_product(product, permission): @@ -143,6 +147,8 @@ def get_authorized_product_groups(permission): return Product_Group.objects.filter(product__in=products).order_by("id").select_related("role") +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_app_analysis(permission): user = get_current_user() @@ -156,32 +162,35 @@ def get_authorized_app_analysis(permission): return App_Analysis.objects.all().order_by("id") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - app_analysis = App_Analysis.objects.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)).order_by("id") - return app_analysis.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return App_Analysis.objects.filter( + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ).order_by("id") +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_dojo_meta(permission): user = get_current_user() @@ -195,83 +204,48 @@ def get_authorized_dojo_meta(permission): return DojoMeta.objects.all().order_by("id") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries for all three paths + # Product path product_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + product_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + product_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + product_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - endpoint_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("endpoint__product__prod_type_id"), - user=user, - role__in=roles) - endpoint_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("endpoint__product_id"), - user=user, - role__in=roles) - endpoint_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("endpoint__product__prod_type_id"), - group__users=user, - role__in=roles) - endpoint_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("endpoint__product_id"), - group__users=user, - role__in=roles) - finding_authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("finding__test__engagement__product__prod_type_id"), - user=user, - role__in=roles) - finding_authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("finding__test__engagement__product_id"), - user=user, - role__in=roles) - finding_authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("finding__test__engagement__product__prod_type_id"), - group__users=user, - role__in=roles) - finding_authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("finding__test__engagement__product_id"), - group__users=user, - role__in=roles) - dojo_meta = DojoMeta.objects.annotate( - product__prod_type__member=Exists(product_authorized_product_type_roles), - product__member=Exists(product_authorized_product_roles), - product__prod_type__authorized_group=Exists(product_authorized_product_type_groups), - product__authorized_group=Exists(product_authorized_product_groups), - endpoint__product__prod_type__member=Exists(endpoint_authorized_product_type_roles), - endpoint__product__member=Exists(endpoint_authorized_product_roles), - endpoint__product__prod_type__authorized_group=Exists(endpoint_authorized_product_type_groups), - endpoint__product__authorized_group=Exists(endpoint_authorized_product_groups), - finding__test__engagement__product__prod_type__member=Exists(finding_authorized_product_type_roles), - finding__test__engagement__product__member=Exists(finding_authorized_product_roles), - finding__test__engagement__product__prod_type__authorized_group=Exists(finding_authorized_product_type_groups), - finding__test__engagement__product__authorized_group=Exists(finding_authorized_product_groups), + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + # DojoMeta can be attached to product, endpoint, or finding + return DojoMeta.objects.filter( + # Product path + Q(product__prod_type_id__in=Subquery(product_authorized_product_type_roles)) + | Q(product_id__in=Subquery(product_authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(product_authorized_product_type_groups)) + | Q(product_id__in=Subquery(product_authorized_product_groups)) + # Endpoint path + | Q(endpoint__product__prod_type_id__in=Subquery(product_authorized_product_type_roles)) + | Q(endpoint__product_id__in=Subquery(product_authorized_product_roles)) + | Q(endpoint__product__prod_type_id__in=Subquery(product_authorized_product_type_groups)) + | Q(endpoint__product_id__in=Subquery(product_authorized_product_groups)) + # Finding path + | Q(finding__test__engagement__product__prod_type_id__in=Subquery(product_authorized_product_type_roles)) + | Q(finding__test__engagement__product_id__in=Subquery(product_authorized_product_roles)) + | Q(finding__test__engagement__product__prod_type_id__in=Subquery(product_authorized_product_type_groups)) + | Q(finding__test__engagement__product_id__in=Subquery(product_authorized_product_groups)), ).order_by("id") - return dojo_meta.filter( - Q(product__prod_type__member=True) - | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) - | Q(product__authorized_group=True) - | Q(endpoint__product__prod_type__member=True) - | Q(endpoint__product__member=True) - | Q(endpoint__product__prod_type__authorized_group=True) - | Q(endpoint__product__authorized_group=True) - | Q(finding__test__engagement__product__prod_type__member=True) - | Q(finding__test__engagement__product__member=True) - | Q(finding__test__engagement__product__prod_type__authorized_group=True) - | Q(finding__test__engagement__product__authorized_group=True)) +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_languages(permission): user = get_current_user() @@ -285,32 +259,35 @@ def get_authorized_languages(permission): return Languages.objects.all().order_by("id") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - languages = Languages.objects.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)).order_by("id") - return languages.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return Languages.objects.filter( + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ).order_by("id") +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_engagement_presets(permission): user = get_current_user() @@ -324,32 +301,35 @@ def get_authorized_engagement_presets(permission): return Engagement_Presets.objects.all().order_by("id") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - engagement_presets = Engagement_Presets.objects.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)).order_by("id") - return engagement_presets.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return Engagement_Presets.objects.filter( + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ).order_by("id") +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_product_api_scan_configurations(permission): user = get_current_user() @@ -363,27 +343,28 @@ def get_authorized_product_api_scan_configurations(permission): return Product_API_Scan_Configuration.objects.all().order_by("id") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("product_id"), - group__users=user, - role__in=roles) - product_api_scan_configurations = Product_API_Scan_Configuration.objects.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)).order_by("id") - return product_api_scan_configurations.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return Product_API_Scan_Configuration.objects.filter( + Q(product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(product_id__in=Subquery(authorized_product_roles)) + | Q(product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(product_id__in=Subquery(authorized_product_groups)), + ).order_by("id") diff --git a/dojo/product/views.py b/dojo/product/views.py index 837e0bdfefc..18d29d91616 100644 --- a/dojo/product/views.py +++ b/dojo/product/views.py @@ -8,13 +8,13 @@ from math import ceil from dateutil.relativedelta import relativedelta +from django.conf import settings from django.contrib import messages from django.contrib.admin.utils import NestedObjects from django.contrib.postgres.aggregates import StringAgg from django.core.exceptions import PermissionDenied, ValidationError from django.db import DEFAULT_DB_ALIAS, connection -from django.db.models import Count, DateField, F, OuterRef, Prefetch, Q, Subquery, Sum -from django.db.models.expressions import Value +from django.db.models import Count, DateField, F, OuterRef, Prefetch, Q, Subquery, Sum, Value from django.db.models.functions import Coalesce from django.db.models.query import QuerySet from django.http import Http404, HttpRequest, HttpResponseRedirect, JsonResponse @@ -55,7 +55,7 @@ DeleteEngagementPresetsForm, DeleteProduct_API_Scan_ConfigurationForm, DeleteProductForm, - DojoMetaDataForm, + DojoMetaFormSet, Edit_Product_Group_Form, Edit_Product_MemberForm, EngagementPresetsForm, @@ -150,6 +150,11 @@ def product(request): build_count_subquery(base_findings, group_field="test__engagement__product_id"), Value(0), ), ) + if settings.V3_FEATURE_LOCATIONS: + prods = prods.annotate( + location_host_count=Count("locations__location__url__host", distinct=True), + location_count=Count("locations", distinct=True), + ) filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = ProductFilterWithoutObjectLookups if filter_string_matching else ProductFilter @@ -214,16 +219,18 @@ def prefetch_for_product(prods): ), ) - active_endpoint_qs = Endpoint.objects.filter( - status_endpoint__mitigated=False, - status_endpoint__false_positive=False, - status_endpoint__out_of_scope=False, - status_endpoint__risk_accepted=False, - ).distinct() + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + active_endpoint_qs = Endpoint.objects.filter( + status_endpoint__mitigated=False, + status_endpoint__false_positive=False, + status_endpoint__out_of_scope=False, + status_endpoint__risk_accepted=False, + ).distinct() - prefetched_prods = prefetched_prods.prefetch_related( - Prefetch("endpoint_set", queryset=active_endpoint_qs, to_attr="active_endpoints"), - ) + prefetched_prods = prefetched_prods.prefetch_related( + Prefetch("endpoint_set", queryset=active_endpoint_qs, to_attr="active_endpoints"), + ) if get_system_setting("enable_github"): prefetched_prods = prefetched_prods.prefetch_related( @@ -467,6 +474,7 @@ def finding_queries(request, prod): return filters +# TODO: Delete this after the move to Locations def endpoint_queries(request, prod): filters = {} endpoints_query = Endpoint_Status.objects.filter(finding__test__engagement__product=prod, @@ -571,6 +579,7 @@ def view_product_metrics(request, pid): filters = {} if view == "Finding": filters = finding_queries(request, prod) + # TODO: Delete this after the move to Locations elif view == "Endpoint": filters = endpoint_queries(request, prod) @@ -1090,7 +1099,8 @@ def delete_product(request, pid): message = labels.ASSET_DELETE_SUCCESS_ASYNC_MESSAGE else: message = labels.ASSET_DELETE_SUCCESS_MESSAGE - product.delete() + with Endpoint.allow_endpoint_init(): # TODO: Delete this after the move to Locations + product.delete() messages.add_message(request, messages.SUCCESS, message, @@ -1105,9 +1115,10 @@ def delete_product(request, pid): rels = ["Previewing the relationships has been disabled.", ""] display_preview = get_setting("DELETE_PREVIEW") if display_preview: - collector = NestedObjects(using=DEFAULT_DB_ALIAS) - collector.collect([product]) - rels = collector.nested() + with Endpoint.allow_endpoint_init(): # TODO: Delete this after the move to Locations + collector = NestedObjects(using=DEFAULT_DB_ALIAS) + collector.collect([product]) + rels = collector.nested() product_tab = Product_Tab(product, title=str(labels.ASSET_LABEL), tab="settings") @@ -1273,59 +1284,28 @@ def new_eng_for_app_cicd(request, pid): @user_is_authorized(Product, Permissions.Product_Edit, "pid") -def add_meta_data(request, pid): - prod = Product.objects.get(id=pid) - if request.method == "POST": - form = DojoMetaDataForm(request.POST, instance=DojoMeta(product=prod)) - if form.is_valid(): - form.save() - messages.add_message(request, - messages.SUCCESS, - _("Metadata added successfully."), - extra_tags="alert-success") - if "add_another" in request.POST: - return HttpResponseRedirect(reverse("add_meta_data", args=(pid,))) - return HttpResponseRedirect(reverse("view_product", args=(pid,))) - else: - form = DojoMetaDataForm() - - product_tab = Product_Tab(prod, title=_("Add Metadata"), tab="settings") - - return render(request, "dojo/add_product_meta_data.html", - {"form": form, - "product_tab": product_tab, - "product": prod, - }) - +def manage_meta_data(request, pid): + product = Product.objects.get(id=pid) + meta_data_query = DojoMeta.objects.filter(product=product) + form_mapping = {"product": product} + formset = DojoMetaFormSet(queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) -@user_is_authorized(Product, Permissions.Product_Edit, "pid") -def edit_meta_data(request, pid): - prod = Product.objects.get(id=pid) if request.method == "POST": - for key, orig_value in request.POST.items(): - if key.startswith("cfv_"): - cfv_id = int(key.split("_")[1]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - value = orig_value.strip() - if value: - cfv.value = value - cfv.save() - if key.startswith("delete_"): - cfv_id = int(key.split("_")[2]) - cfv = get_object_or_404(DojoMeta, id=cfv_id) - cfv.delete() - - messages.add_message(request, - messages.SUCCESS, - _("Metadata edited successfully."), - extra_tags="alert-success") - return HttpResponseRedirect(reverse("view_product", args=(pid,))) + formset = DojoMetaFormSet(request.POST, queryset=meta_data_query, form_kwargs={"fk_map": form_mapping}) + if formset.is_valid(): + formset.save() + messages.add_message( + request, messages.SUCCESS, "Metadata updated successfully.", extra_tags="alert-success", + ) + return HttpResponseRedirect(reverse("view_product", args=(pid,))) - product_tab = Product_Tab(prod, title=_("Edit Metadata"), tab="settings") - return render(request, "dojo/edit_product_meta_data.html", - {"product": prod, - "product_tab": product_tab, - }) + add_breadcrumb(parent=product, title="Manage Metadata", top_level=False, request=request) + product_tab = Product_Tab(product, "Edit Metadata", tab="products") + return render( + request, + "dojo/edit_metadata.html", + {"formset": formset, "product_tab": product_tab}, + ) class AdHocFindingView(View): @@ -1462,7 +1442,7 @@ def process_finding_form(self, request: HttpRequest, test: Test, context: dict): finding.unsaved_vulnerability_ids = context["form"].cleaned_data["vulnerability_ids"].split() finding.save() # Save and add new endpoints - finding_helper.add_endpoints(finding, context["form"]) + finding_helper.add_locations(finding, context["form"]) # Save the finding at the end and return finding.save() @@ -1520,7 +1500,7 @@ def process_github_form(self, request: HttpRequest, finding: Finding, context: d return request, True if context["gform"].is_valid(): - add_external_issue(finding, "github") + add_external_issue(finding.id, "github") return request, True add_field_errors_to_response(context["gform"]) diff --git a/dojo/product_type/queries.py b/dojo/product_type/queries.py index 1d95ac81170..a0ae41e2590 100644 --- a/dojo/product_type/queries.py +++ b/dojo/product_type/queries.py @@ -1,5 +1,5 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import ( get_roles_for_permission, @@ -10,8 +10,11 @@ from dojo.authorization.roles_permissions import Permissions from dojo.group.queries import get_authorized_groups from dojo.models import Global_Role, Product_Type, Product_Type_Group, Product_Type_Member +from dojo.request_cache import cache_for_request +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_product_types(permission): user = get_current_user() @@ -25,17 +28,21 @@ def get_authorized_product_types(permission): return Product_Type.objects.all().order_by("name") roles = get_roles_for_permission(permission) - authorized_roles = Product_Type_Member.objects.filter(product_type=OuterRef("pk"), - user=user, - role__in=roles) + + # Get authorized product_type IDs via subqueries + authorized_roles = Product_Type_Member.objects.filter( + user=user, role__in=roles, + ).values("product_type_id") + authorized_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("pk"), - group__users=user, - role__in=roles) - product_types = Product_Type.objects.annotate( - member=Exists(authorized_roles), - authorized_group=Exists(authorized_groups)).order_by("name") - return product_types.filter(Q(member=True) | Q(authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_type_id") + + # Filter using IN with Subquery - no annotations needed + return Product_Type.objects.filter( + Q(pk__in=Subquery(authorized_roles)) + | Q(pk__in=Subquery(authorized_groups)), + ).order_by("name") def get_authorized_members_for_product_type(product_type, permission): diff --git a/dojo/reports/queries.py b/dojo/reports/queries.py new file mode 100644 index 00000000000..174427ca5c6 --- /dev/null +++ b/dojo/reports/queries.py @@ -0,0 +1,61 @@ + +from django.conf import settings +from django.db.models import Prefetch, QuerySet + +from dojo.finding.queries import prefetch_for_findings +from dojo.location.models import LocationFindingReference +from dojo.location.queries import annotate_location_counts_and_status +from dojo.location.status import FindingLocationStatus +from dojo.models import Finding + + +def prefetch_related_findings_for_report(findings: QuerySet) -> QuerySet: + return prefetch_for_findings( + findings.prefetch_related( + # Some of the fields are removed here because they are being + # prefetched in the prefetch_for_findings function + "test__engagement__product__prod_type", + "risk_acceptance_set__accepted_findings", + "burprawrequestresponse_set", + "files", + "reporter", + "mitigated_by", + ), + ) + + +def prefetch_related_endpoints_for_report(endpoints: QuerySet) -> QuerySet: + if settings.V3_FEATURE_LOCATIONS: + return annotate_location_counts_and_status( + endpoints.prefetch_related( + "tags", + Prefetch( + "findings", + queryset=LocationFindingReference.objects.filter(status=FindingLocationStatus.Active) + .prefetch_related("finding") + .order_by("finding__numerical_severity"), + to_attr="_active_annotated_findings", + ), + ), + ) + # TODO: Delete this after the move to Locations + return endpoints.prefetch_related( + "product", + "tags", + Prefetch( + "findings", + queryset=prefetch_for_findings( + Finding.objects.filter( + active=True, + out_of_scope=False, + mitigated__isnull=True, + false_p=False, + duplicate=False, + status_finding__false_positive=False, + status_finding__out_of_scope=False, + status_finding__risk_accepted=False, + ).order_by("numerical_severity"), + ), + to_attr="active_annotated_findings", + ), + ) diff --git a/dojo/reports/urls.py b/dojo/reports/urls.py index a12858c840d..19d4348478f 100644 --- a/dojo/reports/urls.py +++ b/dojo/reports/urls.py @@ -32,16 +32,6 @@ views.test_report, name="test_report", ), - re_path( - r"^endpoint/(?P\d+)/report$", - views.endpoint_report, - name="endpoint_report", - ), - re_path( - r"^endpoint/host/(?P\d+)/report$", - views.endpoint_host_report, - name="endpoint_host_report", - ), re_path( r"^asset/report$", views.product_findings_report, @@ -106,10 +96,6 @@ name="engagement_report"), re_path(r"^test/(?P\d+)/report$", views.test_report, name="test_report"), - re_path(r"^endpoint/(?P\d+)/report$", views.endpoint_report, - name="endpoint_report"), - re_path(r"^endpoint/host/(?P\d+)/report$", views.endpoint_host_report, - name="endpoint_host_report"), re_path(r"^product/report$", views.product_findings_report, name="product_findings_report"), re_path(r"^reports/cover$", diff --git a/dojo/reports/views.py b/dojo/reports/views.py index 1dc29ff5e2d..3c820564d42 100644 --- a/dojo/reports/views.py +++ b/dojo/reports/views.py @@ -7,7 +7,6 @@ from dateutil.relativedelta import relativedelta from django.conf import settings from django.core.exceptions import PermissionDenied -from django.db.models import Prefetch from django.http import Http404, HttpRequest, HttpResponse, QueryDict from django.shortcuts import get_object_or_404, render from django.utils import timezone @@ -29,7 +28,10 @@ from dojo.finding.views import BaseListFindings from dojo.forms import ReportOptionsForm from dojo.labels import get_labels -from dojo.models import Dojo_User, Endpoint, Engagement, Finding, Notes, Product, Product_Type, Test +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus +from dojo.models import Dojo_User, Endpoint, Engagement, Finding, Product, Product_Type, Test +from dojo.reports.queries import prefetch_related_endpoints_for_report, prefetch_related_findings_for_report from dojo.reports.widgets import ( CoverPage, CustomReportJsonForm, @@ -42,6 +44,7 @@ WYSIWYGContent, report_widget_factory, ) +from dojo.url.filters import URLFilter from dojo.utils import ( Product_Tab, add_breadcrumb, @@ -89,18 +92,23 @@ def get_findings(self, request: HttpRequest): return filter_class(self.request.GET, queryset=findings) def get_endpoints(self, request: HttpRequest): - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False, - ) - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoints = endpoints.filter(finding__active=True) - - endpoints = endpoints.distinct() - - filter_string_matching = get_system_setting("filter_string_matching", False) - filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active).distinct() + filter_class = URLFilter + else: + endpoints = Endpoint.objects.filter( + finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False, + ) + if get_system_setting("enforce_verified_status", True) or get_system_setting( + "enforce_verified_status_metrics", True, + ): + endpoints = endpoints.filter(finding__active=True) + endpoints = endpoints.distinct() + filter_string_matching = get_system_setting("filter_string_matching", False) + filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter return filter_class(request.GET, queryset=endpoints, user=request.user) def get_available_widgets(self, request: HttpRequest) -> list[Widget]: @@ -203,16 +211,23 @@ def report_findings(request): def report_endpoints(request): - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False, - ) - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoints = endpoints.filter(finding__active=True) - - endpoints = endpoints.distinct() - endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user) + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active).distinct() + endpoints = URLFilter(request.GET, queryset=endpoints) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter( + finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False, + ) + if get_system_setting("enforce_verified_status", True) or get_system_setting( + "enforce_verified_status_metrics", True, + ): + endpoints = endpoints.filter(finding__active=True) + endpoints = endpoints.distinct() + endpoints = EndpointFilter(request.GET, queryset=endpoints, user=request.user) paged_endpoints = get_page_items(request, endpoints.qs, 25) @@ -265,33 +280,23 @@ def test_report(request, tid): return generate_report(request, test) -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") -def endpoint_report(request, eid): - endpoint = get_object_or_404(Endpoint, id=eid) - return generate_report(request, endpoint, host_view=False) - - -@user_is_authorized(Endpoint, Permissions.Endpoint_View, "eid") -def endpoint_host_report(request, eid): - endpoint = get_object_or_404(Endpoint, id=eid) - return generate_report(request, endpoint, host_view=True) - - @user_is_authorized(Product, Permissions.Product_View, "pid") def product_endpoint_report(request, pid): product = get_object_or_404(Product.objects.all().prefetch_related("engagement_set__test_set__test_type", "engagement_set__test_set__environment"), id=pid) - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False) - - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoint_ids = endpoints.filter(finding__active=True).values_list("id", flat=True) - - endpoint_ids = endpoints.values_list("id", flat=True) - - endpoints = prefetch_related_endpoints_for_report(Endpoint.objects.filter(id__in=endpoint_ids)) - endpoints = EndpointReportFilter(request.GET, queryset=endpoints) + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active) + endpoints = prefetch_related_endpoints_for_report(endpoints.distinct()) + endpoints = URLFilter(request.GET, queryset=endpoints) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False) + if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): + endpoints = endpoints.filter(finding__active=True) + endpoints = prefetch_related_endpoints_for_report(endpoints.distinct()) + endpoints = EndpointReportFilter(request.GET, queryset=endpoints) paged_endpoints = get_page_items(request, endpoints.qs, 25) report_format = request.GET.get("report_type", "HTML") @@ -352,17 +357,17 @@ def generate_report(request, obj, *, host_view=False): endpoints = None report_title = None - if type(obj).__name__ == "Product_Type": + if isinstance(obj, Product_Type): user_has_permission_or_403(request.user, obj, Permissions.Product_Type_View) - elif type(obj).__name__ == "Product": + elif isinstance(obj, Product): user_has_permission_or_403(request.user, obj, Permissions.Product_View) - elif type(obj).__name__ == "Engagement": + elif isinstance(obj, Engagement): user_has_permission_or_403(request.user, obj, Permissions.Engagement_View) - elif type(obj).__name__ == "Test": + elif isinstance(obj, Test): user_has_permission_or_403(request.user, obj, Permissions.Test_View) - elif type(obj).__name__ == "Endpoint": - user_has_permission_or_403(request.user, obj, Permissions.Endpoint_View) - elif type(obj).__name__ == "QuerySet" or type(obj).__name__ == "CastTaggedQuerySet" or type(obj).__name__ == "TagulousCastTaggedQuerySet": + elif isinstance(obj, (Endpoint, Location)): + user_has_permission_or_403(request.user, obj, Permissions.Location_View) + elif type(obj).__name__ in {"QuerySet", "CastTaggedQuerySet", "TagulousCastTaggedQuerySet"}: # authorization taken care of by only selecting findings from product user is authed to see pass else: @@ -387,7 +392,8 @@ def generate_report(request, obj, *, host_view=False): filter_string_matching = get_system_setting("filter_string_matching", False) report_finding_filter_class = ReportFindingFilterWithoutObjectLookups if filter_string_matching else ReportFindingFilter add_breadcrumb(title="Generate Report", top_level=False, request=request) - if type(obj).__name__ == "Product_Type": + + if isinstance(obj, Product_Type): product_type = obj template = "dojo/product_type_pdf_report.html" report_name = labels.ORG_REPORT_WITH_NAME_TITLE % {"name": str(product_type)} @@ -437,17 +443,21 @@ def generate_report(request, obj, *, host_view=False): "host": report_url_resolver(request), "user_id": request.user.id} - elif type(obj).__name__ == "Product": + elif isinstance(obj, Product): product = obj template = "dojo/product_pdf_report.html" report_name = labels.ASSET_REPORT_WITH_NAME_TITLE % {"name": str(product)} report_title = labels.ASSET_REPORT_LABEL findings = report_finding_filter_class(request.GET, product=product, queryset=prefetch_related_findings_for_report(Finding.objects.filter( test__engagement__product=product))) - ids = set(finding.id for finding in findings.qs) # noqa: C401 + ids = findings.qs.values_list("id", flat=True) engagements = Engagement.objects.filter(test__finding__id__in=ids).distinct() tests = Test.objects.filter(finding__id__in=ids).distinct() - endpoints = Endpoint.objects.filter(product=product).distinct() + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.prefetch_related("products__product").filter(products__product=product).distinct() + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(product=product).distinct() context = {"product": product, "engagements": engagements, "tests": tests, @@ -466,7 +476,7 @@ def generate_report(request, obj, *, host_view=False): "host": report_url_resolver(request), "user_id": request.user.id} - elif type(obj).__name__ == "Engagement": + elif isinstance(obj, Engagement): logger.debug("generating report for Engagement") engagement = obj findings = report_finding_filter_class(request.GET, engagement=engagement, @@ -475,9 +485,13 @@ def generate_report(request, obj, *, host_view=False): template = "dojo/engagement_pdf_report.html" report_title = "Engagement Report" - ids = set(finding.id for finding in findings.qs) # noqa: C401 + ids = findings.qs.values_list("id", flat=True) tests = Test.objects.filter(finding__id__in=ids).distinct() - endpoints = Endpoint.objects.filter(product=engagement.product).distinct() + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.prefetch_related("products__product").filter(products__product=engagement.product).distinct() + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter(product=engagement.product).distinct() context = {"engagement": engagement, "tests": tests, @@ -496,7 +510,7 @@ def generate_report(request, obj, *, host_view=False): "user_id": request.user.id, "endpoints": endpoints} - elif type(obj).__name__ == "Test": + elif isinstance(obj, Test): test = obj findings = report_finding_filter_class(request.GET, engagement=test.engagement, queryset=prefetch_related_findings_for_report(Finding.objects.filter(test=test))) @@ -519,7 +533,8 @@ def generate_report(request, obj, *, host_view=False): "host": report_url_resolver(request), "user_id": request.user.id} - elif type(obj).__name__ == "Endpoint": + # TODO: Delete this after the move to Locations + elif isinstance(obj, Endpoint): endpoint = obj if host_view: report_name = "Endpoint Host Report: " + endpoint.host @@ -532,7 +547,7 @@ def generate_report(request, obj, *, host_view=False): report_title = "Endpoint Report" template = "dojo/endpoint_pdf_report.html" findings = report_finding_filter_class(request.GET, - queryset=prefetch_related_findings_for_report(Finding.objects.filter(endpoints__in=endpoints))) + queryset=prefetch_related_findings_for_report(Finding.objects.filter(endpoints__in=endpoints))) context = {"endpoint": endpoint, "endpoints": endpoints, @@ -549,6 +564,41 @@ def generate_report(request, obj, *, host_view=False): "title": report_title, "host": report_url_resolver(request), "user_id": request.user.id} + + elif isinstance(obj, Location): + endpoint = obj + if host_view: + report_name = "Endpoint Host Report: " + endpoint.url.host + endpoints = Location.objects.prefetch_related("url").filter(url__host=endpoint.url.host).distinct() + report_title = "Endpoint Host Report" + else: + report_name = "Endpoint Report: " + str(endpoint) + endpoints = Location.objects.filter(id=endpoint.id).distinct() + report_title = "Endpoint Report" + template = "dojo/endpoint_pdf_report.html" + findings = report_finding_filter_class( + request.GET, + queryset=prefetch_related_findings_for_report(Finding.objects.filter(locations__location__in=endpoints)), + ) + + context = { + "endpoint": endpoint, + "endpoints": endpoints, + "report_name": report_name, + "findings": findings.qs.distinct().order_by("numerical_severity"), + "include_finding_notes": include_finding_notes, + "include_finding_images": include_finding_images, + "include_executive_summary": include_executive_summary, + "include_table_of_contents": include_table_of_contents, + "include_disclaimer": include_disclaimer, + "disclaimer": disclaimer, + "user": user, + "team_name": get_system_setting("team_name"), + "title": report_title, + "host": report_url_resolver(request), + "user_id": request.user.id, + } + elif type(obj).__name__ in {"QuerySet", "CastTaggedQuerySet", "TagulousCastTaggedQuerySet"}: findings = report_finding_filter_class(request.GET, queryset=prefetch_related_findings_for_report(obj).distinct()) report_name = "Finding" @@ -568,6 +618,7 @@ def generate_report(request, obj, *, host_view=False): "title": report_title, "host": report_url_resolver(request), "user_id": request.user.id} + else: raise Http404 @@ -614,10 +665,12 @@ def generate_report(request, obj, *, host_view=False): elif product: product_tab = Product_Tab(product, title=str(labels.ASSET_REPORT_LABEL), tab="findings") elif endpoints: - if host_view: - product_tab = Product_Tab(endpoint.product, title="Endpoint Host Report", tab="endpoints") - else: - product_tab = Product_Tab(endpoint.product, title="Endpoint Report", tab="endpoints") + # TODO: Delete this after the move to Locations + if not settings.V3_FEATURE_LOCATIONS: + if host_view: + product_tab = Product_Tab(endpoint.product, title="Endpoint Host Report", tab="endpoints") + else: + product_tab = Product_Tab(endpoint.product, title="Endpoint Report", tab="endpoints") return render(request, "dojo/request_report.html", {"product_type": product_type, @@ -634,29 +687,6 @@ def generate_report(request, obj, *, host_view=False): }) -def prefetch_related_findings_for_report(findings): - return findings.prefetch_related("test", - "test__engagement__product", - "test__engagement__product__prod_type", - "risk_acceptance_set", - "risk_acceptance_set__accepted_findings", - "burprawrequestresponse_set", - "endpoints", - "tags", - Prefetch("notes", queryset=Notes.objects.filter(private=False)), - "files", - "reporter", - "mitigated_by", - ) - - -def prefetch_related_endpoints_for_report(endpoints): - return endpoints.prefetch_related( - "product", - "tags", - ) - - def get_list_index(full_list, index): try: element = full_list[index] @@ -760,7 +790,7 @@ def get_template(self): def get(self, request): findings, obj = get_findings(request) self.findings = findings - findings = self.add_findings_data() + findings = prefetch_related_findings_for_report(self.add_findings_data()) return self.generate_quick_report(request, findings, obj) def generate_quick_report(self, request, findings, obj=None): @@ -789,8 +819,6 @@ def generate_quick_report(self, request, findings, obj=None): def get_excludes(): return ["SEVERITIES", "age", "github_issue", "jira_issue", "objects", "risk_acceptance", - "test__engagement__product__authorized_group", "test__engagement__product__member", - "test__engagement__product__prod_type__authorized_group", "test__engagement__product__prod_type__member", "unsaved_endpoints", "unsaved_vulnerability_ids", "unsaved_files", "unsaved_request", "unsaved_response", "unsaved_tags", "vulnerability_ids", "cve"] diff --git a/dojo/reports/widgets.py b/dojo/reports/widgets.py index 47e0c6afe19..e71a7168b70 100644 --- a/dojo/reports/widgets.py +++ b/dojo/reports/widgets.py @@ -19,7 +19,12 @@ ) from dojo.forms import CustomReportOptionsForm from dojo.labels import get_labels +from dojo.location.models import Location +from dojo.location.status import FindingLocationStatus from dojo.models import Endpoint, Finding +from dojo.reports.queries import prefetch_related_endpoints_for_report, prefetch_related_findings_for_report +from dojo.settings import settings +from dojo.url.filters import URLFilter from dojo.utils import get_page_items, get_system_setting, get_words_for_field """ @@ -286,7 +291,7 @@ def __init__(self, *args, **kwargs): def get_html(self): html = render_to_string("dojo/custom_html_report_finding_list.html", {"title": self.title, - "findings": self.findings.qs, + "findings": prefetch_related_findings_for_report(self.findings.qs), "include_finding_notes": self.finding_notes, "include_finding_images": self.finding_images, "host": self.host, @@ -351,7 +356,7 @@ def __init__(self, *args, **kwargs): def get_html(self): html = render_to_string("dojo/custom_html_report_endpoint_list.html", {"title": self.title, - "endpoints": self.endpoints.qs, + "endpoints": prefetch_related_endpoints_for_report(self.endpoints.qs), "include_finding_notes": self.finding_notes, "include_finding_images": self.finding_images, "host": self.host, @@ -365,12 +370,23 @@ def get_option_form(self): "request": self.request, "title": self.title, "extra_help": self.extra_help, + "V3_FEATURE_LOCATIONS": settings.V3_FEATURE_LOCATIONS, }) return mark_safe(html) -def report_widget_factory(json_data=None, request=None, user=None, *, finding_notes=False, finding_images=False, - host=None): +def report_widget_factory( + json_data=None, request=None, user=None, *, finding_notes=False, finding_images=False, host=None, +): + def convert_to_querydict(data): + d = QueryDict(mutable=True) + for item in data: + if item["name"] in d: + d.appendlist(item["name"], item["value"]) + else: + d[item["name"]] = item["value"] + return d + selected_widgets = OrderedDict() widgets = json.loads(json_data) @@ -379,41 +395,43 @@ def report_widget_factory(json_data=None, request=None, user=None, *, finding_no selected_widgets[list(widget.keys())[0] + "-" + str(idx)] = PageBreak() if list(widget.keys())[0] == "endpoint-list": - endpoints = Endpoint.objects.filter(finding__active=True, - finding__false_p=False, - finding__duplicate=False, - finding__out_of_scope=False, - ) - if get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_metrics", True): - endpoints = endpoints.filter(finding__verified=True) - - endpoints = endpoints.distinct() - - d = QueryDict(mutable=True) - for item in widget.get(list(widget.keys())[0]): - if item["name"] in d: - d.appendlist(item["name"], item["value"]) - else: - d[item["name"]] = item["value"] - - endpoints = Endpoint.objects.filter(id__in=endpoints) - filter_string_matching = get_system_setting("filter_string_matching", False) - filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter - endpoints = filter_class(d, queryset=endpoints, user=request.user) - user_id = user.id if user is not None else None - endpoints = EndpointList(request=request, endpoints=endpoints, finding_notes=finding_notes, - finding_images=finding_images, host=host, user_id=user_id) + d = convert_to_querydict(widget.get(list(widget.keys())[0])) + if settings.V3_FEATURE_LOCATIONS: + endpoints = Location.objects.filter(findings__status=FindingLocationStatus.Active).distinct() + endpoints = URLFilter(d, queryset=endpoints, user=request.user) + else: + # TODO: Delete this after the move to Locations + endpoints = Endpoint.objects.filter( + finding__active=True, + finding__false_p=False, + finding__duplicate=False, + finding__out_of_scope=False, + ) + if get_system_setting("enforce_verified_status", True) or get_system_setting( + "enforce_verified_status_metrics", True, + ): + endpoints = endpoints.filter(finding__verified=True) + + endpoints = endpoints.distinct() + endpoints = Endpoint.objects.filter(id__in=endpoints) + filter_string_matching = get_system_setting("filter_string_matching", False) + filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter + endpoints = filter_class(d, queryset=endpoints, user=request.user) + user_id = user.id if user is not None else None + endpoints = EndpointList( + request=request, + endpoints=endpoints, + finding_notes=finding_notes, + finding_images=finding_images, + host=host, + user_id=user_id, + ) selected_widgets[list(widget.keys())[0] + "-" + str(idx)] = endpoints if list(widget.keys())[0] == "finding-list": + d = convert_to_querydict(widget.get(list(widget.keys())[0])) findings = Finding.objects.all() - d = QueryDict(mutable=True) - for item in widget.get(list(widget.keys())[0]): - if item["name"] in d: - d.appendlist(item["name"], item["value"]) - else: - d[item["name"]] = item["value"] filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = ReportFindingFilterWithoutObjectLookups if filter_string_matching else ReportFindingFilter findings = filter_class(d, queryset=findings) diff --git a/dojo/risk_acceptance/queries.py b/dojo/risk_acceptance/queries.py index 72282af21e7..a608a4d174b 100644 --- a/dojo/risk_acceptance/queries.py +++ b/dojo/risk_acceptance/queries.py @@ -1,10 +1,13 @@ from crum import get_current_user -from django.db.models import Exists, OuterRef, Q +from django.db.models import Q, Subquery from dojo.authorization.authorization import get_roles_for_permission, user_has_global_permission from dojo.models import Product_Group, Product_Member, Product_Type_Group, Product_Type_Member, Risk_Acceptance +from dojo.request_cache import cache_for_request +# Cached: all parameters are hashable, no dynamic queryset filtering +@cache_for_request def get_authorized_risk_acceptances(permission): user = get_current_user() @@ -18,27 +21,28 @@ def get_authorized_risk_acceptances(permission): return Risk_Acceptance.objects.all().order_by("id") roles = get_roles_for_permission(permission) + + # Get authorized product/product_type IDs via subqueries authorized_product_type_roles = Product_Type_Member.objects.filter( - product_type=OuterRef("engagement__product__prod_type_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_type_id") + authorized_product_roles = Product_Member.objects.filter( - product=OuterRef("engagement__product_id"), - user=user, - role__in=roles) + user=user, role__in=roles, + ).values("product_id") + authorized_product_type_groups = Product_Type_Group.objects.filter( - product_type=OuterRef("engagement__product__prod_type_id"), - group__users=user, - role__in=roles) + group__users=user, role__in=roles, + ).values("product_type_id") + authorized_product_groups = Product_Group.objects.filter( - product=OuterRef("engagement__product_id"), - group__users=user, - role__in=roles) - risk_acceptances = Risk_Acceptance.objects.annotate( - product__prod_type__member=Exists(authorized_product_type_roles), - product__member=Exists(authorized_product_roles), - product__prod_type__authorized_group=Exists(authorized_product_type_groups), - product__authorized_group=Exists(authorized_product_groups)).order_by("id") - return risk_acceptances.filter( - Q(product__prod_type__member=True) | Q(product__member=True) - | Q(product__prod_type__authorized_group=True) | Q(product__authorized_group=True)) + group__users=user, role__in=roles, + ).values("product_id") + + # Filter using IN with Subquery - no annotations needed + return Risk_Acceptance.objects.filter( + Q(engagement__product__prod_type_id__in=Subquery(authorized_product_type_roles)) + | Q(engagement__product_id__in=Subquery(authorized_product_roles)) + | Q(engagement__product__prod_type_id__in=Subquery(authorized_product_type_groups)) + | Q(engagement__product_id__in=Subquery(authorized_product_groups)), + ).order_by("id") diff --git a/dojo/search/views.py b/dojo/search/views.py index cf8bcb27061..c7d80d6d7b6 100644 --- a/dojo/search/views.py +++ b/dojo/search/views.py @@ -16,6 +16,7 @@ from dojo.filters import FindingFilter, FindingFilterWithoutObjectLookups from dojo.finding.queries import get_authorized_findings, get_authorized_vulnerability_ids, prefetch_for_findings from dojo.forms import FindingBulkUpdateForm, SimpleSearchForm +from dojo.location.queries import get_authorized_locations, prefetch_for_locations from dojo.models import Engagement, Finding, Finding_Template, Languages, Product, Test from dojo.product.queries import get_authorized_app_analysis, get_authorized_products from dojo.test.queries import get_authorized_tests @@ -125,7 +126,11 @@ def simple_search(request): authorized_tests = get_authorized_tests(Permissions.Test_View) authorized_engagements = get_authorized_engagements(Permissions.Engagement_View) authorized_products = get_authorized_products(Permissions.Product_View) - authorized_endpoints = get_authorized_endpoints(Permissions.Endpoint_View) + if settings.V3_FEATURE_LOCATIONS: + authorized_endpoints = get_authorized_locations(Permissions.Location_View) + else: + # TODO: Delete this after the move to Locations + authorized_endpoints = get_authorized_endpoints(Permissions.Location_View) authorized_finding_templates = Finding_Template.objects.all() authorized_app_analysis = get_authorized_app_analysis(Permissions.Product_View) authorized_vulnerability_ids = get_authorized_vulnerability_ids(Permissions.Finding_View) @@ -289,9 +294,12 @@ def simple_search(request): endpoints = authorized_endpoints endpoints = apply_tag_filters(endpoints, operators) - - endpoints = endpoints.filter(Q(host__icontains=keywords_query) | Q(path__icontains=keywords_query) | Q(protocol__icontains=keywords_query) | Q(query__icontains=keywords_query) | Q(fragment__icontains=keywords_query)) - endpoints = prefetch_for_endpoints(endpoints) + if settings.V3_FEATURE_LOCATIONS: + endpoints = endpoints.filter(Q(url__host__icontains=keywords_query) | Q(url__path__icontains=keywords_query) | Q(url__protocol__icontains=keywords_query) | Q(url__query__icontains=keywords_query) | Q(url__fragment__icontains=keywords_query)) + endpoints = prefetch_for_locations(endpoints) + else: + endpoints = endpoints.filter(Q(host__icontains=keywords_query) | Q(path__icontains=keywords_query) | Q(protocol__icontains=keywords_query) | Q(query__icontains=keywords_query) | Q(fragment__icontains=keywords_query)) + endpoints = prefetch_for_endpoints(endpoints) endpoints = endpoints[:max_results] else: endpoints = None @@ -515,7 +523,10 @@ def apply_tag_filters(qs, operators, *, skip_relations=False): def apply_endpoint_filter(qs, operators): if "endpoint" in operators: - qs = qs.filter(endpoints__host__contains=",".join(operators["endpoint"])) + if settings.V3_FEATURE_LOCATIONS: + qs = qs.filter(locations__location__url__host__contains=",".join(operators["endpoint"])) + else: + qs = qs.filter(endpoints__host__contains=",".join(operators["endpoint"])) return qs diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index a5141612fea..ca0c28d76f6 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -89,7 +89,6 @@ DD_CELERY_RESULT_EXPIRES=(int, 86400), DD_CELERY_BEAT_SCHEDULE_FILENAME=(str, root("dojo.celery.beat.db")), DD_CELERY_TASK_SERIALIZER=(str, "pickle"), - DD_CELERY_PASS_MODEL_BY_ID=(str, True), DD_CELERY_LOG_LEVEL=(str, "INFO"), DD_TAG_BULK_ADD_BATCH_SIZE=(int, 1000), # Tagulous slug truncate unique setting. Set to -1 to use tagulous internal default (5) @@ -359,6 +358,8 @@ # For HTTP requests, how long connection is open before timeout # This settings apply only on requests performed by "requests" lib used in Dojo code (if some included lib is using "requests" as well, this does not apply there) DD_REQUESTS_TIMEOUT=(int, 30), + # Dictates if v3 functionality will be enabled + DD_V3_FEATURE_LOCATIONS=(bool, False), # Dictates if v3 org/asset relabeling (+url routing) will be enabled DD_ENABLE_V3_ORGANIZATION_ASSET_RELABEL=(bool, False), ) @@ -853,6 +854,10 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # Used to configure a custom version in the footer of the base.html template. FOOTER_VERSION = env("DD_FOOTER_VERSION") +# V3 Feature Flags +V3_FEATURE_LOCATIONS = env("DD_V3_FEATURE_LOCATIONS") + + # ------------------------------------------------------------------------------ # ADMIN # ------------------------------------------------------------------------------ @@ -1242,7 +1247,6 @@ def saml2_attrib_map_format(din): CELERY_BEAT_SCHEDULE_FILENAME = env("DD_CELERY_BEAT_SCHEDULE_FILENAME") CELERY_ACCEPT_CONTENT = ["pickle", "json", "msgpack", "yaml"] CELERY_TASK_SERIALIZER = env("DD_CELERY_TASK_SERIALIZER") -CELERY_PASS_MODEL_BY_ID = env("DD_CELERY_PASS_MODEL_BY_ID") CELERY_LOG_LEVEL = env("DD_CELERY_LOG_LEVEL") if len(env("DD_CELERY_BROKER_TRANSPORT_OPTIONS")) > 0: @@ -1260,43 +1264,72 @@ def saml2_attrib_map_format(din): "task": "dojo.tasks.add_alerts", "schedule": timedelta(hours=1), "args": [timedelta(hours=1)], + "options": { + "expires": int(60 * 60 * 1 * 1.2), # If a task is not executed within 72 minutes, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "cleanup-alerts": { "task": "dojo.tasks.cleanup_alerts", "schedule": timedelta(hours=8), + "options": { + "expires": int(60 * 60 * 8 * 1.2), # If a task is not executed within 9.6 hours, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "dedupe-delete": { "task": "dojo.tasks.async_dupe_delete", "schedule": timedelta(minutes=1), - "args": [timedelta(minutes=1)], + "options": { + "expires": int(60 * 1 * 1.2), # If a task is not executed within 72 seconds, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "flush_auditlog": { "task": "dojo.tasks.flush_auditlog", "schedule": timedelta(hours=8), + "options": { + "expires": int(60 * 60 * 8 * 1.2), # If a task is not executed within 9.6 hours, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "update-findings-from-source-issues": { "task": "dojo.tools.tool_issue_updater.update_findings_from_source_issues", "schedule": timedelta(hours=3), + "options": { + "expires": int(60 * 60 * 3 * 1.2), # If a task is not executed within 9 hours, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "compute-sla-age-and-notify": { "task": "dojo.tasks.async_sla_compute_and_notify_task", "schedule": crontab(hour=7, minute=30), + "options": { + "expires": int(60 * 60 * 24 * 1.2), # If a task is not executed within 28.8 hours, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "risk_acceptance_expiration_handler": { "task": "dojo.risk_acceptance.helper.expiration_handler", - "schedule": crontab(minute=0, hour="*/3"), # every 3 hours + "schedule": crontab(minute=0, hour="*/3"), # every 72 minutes + "options": { + "expires": int(60 * 60 * 3 * 1.2), # If a task is not executed within 9 hours, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "notification_webhook_status_cleanup": { "task": "dojo.notifications.helper.webhook_status_cleanup", "schedule": timedelta(minutes=1), + "options": { + "expires": int(60 * 1 * 1.2), # If a task is not executed within 72 seconds, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "trigger_evaluate_pro_proposition": { "task": "dojo.tasks.evaluate_pro_proposition", "schedule": timedelta(hours=8), + "options": { + "expires": int(60 * 60 * 8 * 1.2), # If a task is not executed within 9.6 hours, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, "clear_sessions": { "task": "dojo.tasks.clear_sessions", "schedule": crontab(hour=0, minute=0, day_of_week=0), + "options": { + "expires": int(60 * 60 * 24 * 7 * 1.2), # If a task is not executed within 8.4 days, it should be dropped from the queue. Two more tasks should be scheduled in the meantime. + }, }, # 'jira_status_reconciliation': { # 'task': 'dojo.tasks.jira_status_reconciliation_task', @@ -1531,7 +1564,7 @@ def saml2_attrib_map_format(din): } # List of fields that are known to be usable in hash_code computation) -# 'endpoints' is a pseudo field that uses the endpoints (for dynamic scanners) +# 'endpoints' is a pseudo field that uses the endpoints (for dynamic scanners). If `V3_FEATURE_LOCATIONS` is True, Dojo uses locations (URLs) instead. # 'unique_id_from_tool' is often not needed here as it can be used directly in the dedupe algorithm, but it's also possible to use it for hashing HASHCODE_ALLOWED_FIELDS = ["title", "cwe", "vulnerability_ids", "line", "file_path", "payload", "component_name", "component_version", "description", "endpoints", "unique_id_from_tool", "severity", "vuln_id_from_tool", "mitigation"] @@ -2083,6 +2116,14 @@ def saml2_attrib_map_format(din): MIDDLEWARE = ["debug_toolbar.middleware.DebugToolbarMiddleware", *MIDDLEWARE] +# Linear migrations for development +# Helps avoid merge migration conflicts by tracking the latest migration +if DEBUG: + INSTALLED_APPS = ( + "django_linear_migrations", # Must be before dojo to override makemigrations + *INSTALLED_APPS, + ) + def show_toolbar(request): return True diff --git a/dojo/system_settings/views.py b/dojo/system_settings/views.py index b0bce9d52d3..67bad91dc0e 100644 --- a/dojo/system_settings/views.py +++ b/dojo/system_settings/views.py @@ -9,7 +9,7 @@ from dojo.forms import SystemSettingsForm from dojo.models import System_Settings -from dojo.utils import add_breadcrumb, get_celery_worker_status +from dojo.utils import add_breadcrumb, get_celery_queue_length, get_celery_worker_status logger = logging.getLogger(__name__) @@ -110,6 +110,15 @@ def get_celery_status( else: context["celery_msg"] = "Celery does not appear to be up and running. Please ensure celery is running." context["celery_status"] = "Not Running" + + q_len = get_celery_queue_length() + if q_len is None: + context["celery_q_len"] = " It is not possible to identify number of waiting tasks." + elif q_len: + context["celery_q_len"] = f"{q_len} tasks are waiting to be proccessed." + else: + context["celery_q_len"] = "No task is waiting to be proccessed." + else: context["celery_bool"] = False context["celery_msg"] = "Celery needs to have the setting CELERY_RESULT_BACKEND = 'db+sqlite:///dojo.celeryresults.sqlite' set in settings.py." diff --git a/dojo/tags_signals.py b/dojo/tags_signals.py index 0cade958265..58682421d0b 100644 --- a/dojo/tags_signals.py +++ b/dojo/tags_signals.py @@ -4,6 +4,7 @@ from django.db.models import signals from django.dispatch import receiver +from dojo.location.models import Location, LocationFindingReference, LocationProductReference from dojo.models import Endpoint, Engagement, Finding, Product, Test from dojo.product import helpers as async_product_funcs from dojo.utils import get_system_setting @@ -27,6 +28,7 @@ def product_tags_post_add_remove(sender, instance, action, **kwargs): @receiver(signals.m2m_changed, sender=Engagement.tags.through) @receiver(signals.m2m_changed, sender=Test.tags.through) @receiver(signals.m2m_changed, sender=Finding.tags.through) +@receiver(signals.m2m_changed, sender=Location.tags.through) def make_inherited_tags_sticky(sender, instance, action, **kwargs): """Make sure inherited tags are added back in if they are removed""" if action in {"post_add", "post_remove"}: @@ -36,23 +38,44 @@ def make_inherited_tags_sticky(sender, instance, action, **kwargs): instance.inherit_tags(tag_list) +def inherit_instance_tags(instance): + """Usually nothing to do when saving a model, except for new models?""" + if inherit_product_tags(instance): + # TODO: Is this change OK to make? + # tag_list = instance._tags_tagulous.get_tag_list() + tag_list = instance.tags.get_tag_list() + if propagate_inheritance(instance, tag_list=tag_list): + instance.inherit_tags(tag_list) + + +def inherit_linked_instance_tags(instance: LocationFindingReference | LocationProductReference): + inherit_instance_tags(instance.location) + + @receiver(signals.post_save, sender=Endpoint) @receiver(signals.post_save, sender=Engagement) @receiver(signals.post_save, sender=Test) @receiver(signals.post_save, sender=Finding) +@receiver(signals.post_save, sender=Location) def inherit_tags_on_instance(sender, instance, created, **kwargs): - """Usually nothing to do when savind a model, except for new models?""" - if inherit_product_tags(instance): - tag_list = instance._tags_tagulous.get_tag_list() - if propagate_inheritance(instance, tag_list=tag_list): - instance.inherit_tags(tag_list) + inherit_instance_tags(instance) + + +@receiver(signals.post_save, sender=LocationFindingReference) +@receiver(signals.post_save, sender=LocationProductReference) +def inherit_tags_on_linked_instance(sender, instance, created, **kwargs): + inherit_linked_instance_tags(instance) def propagate_inheritance(instance, tag_list=None): # Get the expected product tags if tag_list is None: tag_list = [] - product_inherited_tags = [tag.name for tag in get_product(instance).tags.all()] + product_inherited_tags = [ + tag.name + for product in get_products_to_inherit_tags_from(instance) + for tag in product.tags.all() + ] existing_inherited_tags = [tag.name for tag in instance.inherited_tags.all()] # Check if product tags already matches inherited tags product_tags_equals_inherited_tags = product_inherited_tags == existing_inherited_tags @@ -62,23 +85,34 @@ def propagate_inheritance(instance, tag_list=None): def inherit_product_tags(instance) -> bool: - product = get_product(instance) + products = get_products(instance) # Save a read in the db - if product and product.enable_product_tag_inheritance: + if any(product.enable_product_tag_inheritance for product in products if product): return True return get_system_setting("enable_product_tag_inheritance") -def get_product(instance): +def get_products_to_inherit_tags_from(instance) -> list[Product]: + products = get_products(instance) + system_wide_inherit = get_system_setting("enable_product_tag_inheritance") + + return [ + product for product in products if product.enable_product_tag_inheritance or system_wide_inherit + ] + + +def get_products(instance) -> list[Product]: if isinstance(instance, Product): - return instance + return [instance] if isinstance(instance, Endpoint): - return instance.product + return [instance.product] if isinstance(instance, Engagement): - return instance.product + return [instance.product] if isinstance(instance, Test): - return instance.engagement.product + return [instance.engagement.product] if isinstance(instance, Finding): - return instance.test.engagement.product - return None + return [instance.test.engagement.product] + if isinstance(instance, Location): + return list(instance.all_related_products()) + return [] diff --git a/dojo/tasks.py b/dojo/tasks.py index d02040fa5b3..b934abc9f02 100644 --- a/dojo/tasks.py +++ b/dojo/tasks.py @@ -14,6 +14,7 @@ from dojo.celery import app from dojo.decorators import dojo_async_task from dojo.finding.helper import fix_loop_duplicates +from dojo.location.models import Location from dojo.management.commands.jira_status_reconciliation import jira_status_reconciliation from dojo.models import Alerts, Announcement, Endpoint, Engagement, Finding, Product, System_Settings, User from dojo.notifications.helper import create_notification @@ -72,7 +73,7 @@ def add_alerts(self, runinterval): if system_settings.enable_product_grade: products = Product.objects.all() for product in products: - calculate_grade(product) + calculate_grade(product.id) @app.task(bind=True) @@ -169,7 +170,7 @@ def _async_dupe_delete_impl(): if system_settings.enable_product_grade: logger.info("performing batch product grading for %s products", len(affected_products)) for product in affected_products: - calculate_grade(product) + calculate_grade(product.id) @app.task(ignore_result=False) @@ -223,7 +224,11 @@ def evaluate_pro_proposition(*args, **kwargs): ): return # Count the objects the determine if the banner should be updated - object_count = Finding.objects.count() + Endpoint.objects.count() + if settings.V3_FEATURE_LOCATIONS: + object_count = Finding.objects.count() + Location.objects.count() + else: + # TODO: Delete this after the move to Locations + object_count = Finding.objects.count() + Endpoint.objects.count() # Unless the count is greater than 100k, exit early if object_count < 100000: return diff --git a/dojo/templates/base.html b/dojo/templates/base.html index 7f9a44c750d..09393088809 100644 --- a/dojo/templates/base.html +++ b/dojo/templates/base.html @@ -857,7 +857,7 @@

    {% trans "Endpoint Report" %} - {% if product_tab.product|has_object_permission:"Endpoint_Add" %} + {% if product_tab.product|has_object_permission:"Location_Add" %}
  • @@ -866,7 +866,7 @@

    • {% endif %} - {% if product_tab.product|has_object_permission:"Endpoint_Edit" and system_settings.enable_endpoint_metadata_import %} + {% if product_tab.product|has_object_permission:"Location_Edit" and system_settings.enable_endpoint_metadata_import %}
  • diff --git a/dojo/templates/dojo/action_history.html b/dojo/templates/dojo/action_history.html index 904347b7c11..3a980234d55 100644 --- a/dojo/templates/dojo/action_history.html +++ b/dojo/templates/dojo/action_history.html @@ -38,7 +38,13 @@

    {{ h.pgh_created_at }} {{ h.pgh_label }} - {{ h.object_str|default:"N/A" }} + + {% if h.object_url %} + {{ h.object_str|default:"N/A" }} + {% else %} + {{ h.object_str|default:"N/A" }} + {% endif %} + {{ h.user|default:"N/A" }} {% if h.url and h.url != "N/A" %} @@ -68,7 +74,13 @@

    None {% endif %} - {{ h.pgh_obj_id|default:"N/A" }} + + {% if h.object_url and h.pgh_obj_id %} + {{ h.pgh_obj_id }} + {% else %} + {{ h.pgh_obj_id|default:"N/A" }} + {% endif %} + {% if h.pgh_label == "initial_backfill" %} Initial Backfill diff --git a/dojo/templates/dojo/add_endpoint_meta_data.html b/dojo/templates/dojo/add_endpoint_meta_data.html deleted file mode 100644 index ebc6fce3407..00000000000 --- a/dojo/templates/dojo/add_endpoint_meta_data.html +++ /dev/null @@ -1,19 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Add Endpoint ({{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}) Metadata

    -
    -
    {% csrf_token %} - {% include "dojo/form_fields.html" with form=form %} -
    -
    - -
    -
    - -
    -
    -
    -{% endblock %} \ No newline at end of file diff --git a/dojo/templates/dojo/add_product_meta_data.html b/dojo/templates/dojo/add_product_meta_data.html deleted file mode 100644 index 696ade6c260..00000000000 --- a/dojo/templates/dojo/add_product_meta_data.html +++ /dev/null @@ -1,19 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Add {{ product.name }} Custom Fields

    -
    -
    {% csrf_token %} - {% include "dojo/form_fields.html" with form=form %} -
    -
    - -
    -
    - -
    -
    -
    -{% endblock %} diff --git a/dojo/templates/dojo/custom_html_report_endpoint_list.html b/dojo/templates/dojo/custom_html_report_endpoint_list.html index aca9cd3bef9..0e881bd6fc6 100644 --- a/dojo/templates/dojo/custom_html_report_endpoint_list.html +++ b/dojo/templates/dojo/custom_html_report_endpoint_list.html @@ -1,7 +1,6 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} @@ -20,13 +19,13 @@

    Endpoint Findings

    - Endpoint: {{ endpoint }} with {{ endpoint.active_findings|length|apnumber }} + Endpoint: {{ endpoint }} with {{ endpoint.active_annotated_findings|length|apnumber }} active findings

    - {% for finding in endpoint.active_findings %} + {% for finding in endpoint.active_annotated_findings %} {% ifchanged finding.severity %}

    {{ finding.severity|capfirst }}

    {% endifchanged %} diff --git a/dojo/templates/dojo/custom_html_report_finding_list.html b/dojo/templates/dojo/custom_html_report_finding_list.html index 13f33d03dca..44d9063574f 100644 --- a/dojo/templates/dojo/custom_html_report_finding_list.html +++ b/dojo/templates/dojo/custom_html_report_finding_list.html @@ -1,7 +1,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} diff --git a/dojo/templates/dojo/dashboard-metrics.html b/dojo/templates/dojo/dashboard-metrics.html index cae5661bb5e..aee1a199f8d 100644 --- a/dojo/templates/dojo/dashboard-metrics.html +++ b/dojo/templates/dojo/dashboard-metrics.html @@ -31,23 +31,25 @@

    {% blocktrans with start_date=start_date.date end_date=end_date.date%}{{ name }} for {{ start_date }} - {{ end_date }}{% endblocktrans %}
    - - + {% if not V3_FEATURE_LOCATIONS %} + + + {% endif %}

    diff --git a/dojo/templates/dojo/edit_endpoint_meta_data.html b/dojo/templates/dojo/edit_endpoint_meta_data.html deleted file mode 100644 index 8b45791235e..00000000000 --- a/dojo/templates/dojo/edit_endpoint_meta_data.html +++ /dev/null @@ -1,26 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Edit Endpoint ({{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}) Metadata

    -
    -
    {% csrf_token %} - {% for cf in endpoint.endpoint_meta.all %} -
    - -
    - - Delete - -
    -
    - {% endfor %} -
    -
    - -
    -
    -
    -{% endblock %} diff --git a/dojo/templates/dojo/edit_metadata.html b/dojo/templates/dojo/edit_metadata.html new file mode 100644 index 00000000000..ec1597768cc --- /dev/null +++ b/dojo/templates/dojo/edit_metadata.html @@ -0,0 +1,23 @@ +{% extends "base.html" %} +{% load static %} +{% block content %} + {{ block.super }} +

    Edit Metadata

    +
    +
    + {% csrf_token %} + {% for form in formset %} +
    + {% include "dojo/form_fields.html" with form=form %} +
    + {% endfor %} +
    +
    +
    + {{ formset.management_form }} + +
    +
    +
    +
    +{% endblock content %} diff --git a/dojo/templates/dojo/edit_product_meta_data.html b/dojo/templates/dojo/edit_product_meta_data.html deleted file mode 100644 index ffb5de7c99c..00000000000 --- a/dojo/templates/dojo/edit_product_meta_data.html +++ /dev/null @@ -1,26 +0,0 @@ -{% extends "base.html" %} -{% load static %} - -{% block content %} - {{ block.super }} -

    Edit Product ({{ product.name }}) Metadata

    -
    -
    {% csrf_token %} - {% for cf in product.product_meta.all %} -
    - -
    - - Delete - -
    -
    - {% endfor %} -
    -
    - -
    -
    -
    -{% endblock %} diff --git a/dojo/templates/dojo/endpoint_pdf_report.html b/dojo/templates/dojo/endpoint_pdf_report.html index 3520a9f42b1..ef187bb1b76 100644 --- a/dojo/templates/dojo/endpoint_pdf_report.html +++ b/dojo/templates/dojo/endpoint_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} @@ -31,7 +31,7 @@

    Executive Summary

    Vulnerable Services

    - {% if endpoints %} + {% if endpoints %} {% colgroup endpoints into 2 cols as grouped_items %} {% for row in grouped_items %} diff --git a/dojo/templates/dojo/endpoints.html b/dojo/templates/dojo/endpoints.html index 9d7aec59d41..82af13baa3a 100644 --- a/dojo/templates/dojo/endpoints.html +++ b/dojo/templates/dojo/endpoints.html @@ -12,7 +12,7 @@

    {{ name }}
    - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Add" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Add" %} {% endif %} - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Delete" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Delete" %}

    - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Edit" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} - {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Endpoint_Edit" %} + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} {% endif %} - + {% comment %} The display field is translated in the function. No need to translate here as well{% endcomment %} @@ -102,13 +102,13 @@

  • Add New Finding
    • {% endif %} -
  • View Endpoints
    • +
  • View Locations
  • View Hosts
    • -
  • View Vulnerable Endpoints
    • +
  • View Vulnerable Locations
  • View Vulnerable Hosts
    • -
  • Endpoint Report
    • - {% if prod|has_object_permission:"Endpoint_Add" %} -
  • Add New Endpoint
    • +
  • Location Report
    • + {% if prod|has_object_permission:"Location_Add" %} +
  • Add New Location
    • {% endif %} {% if prod|has_object_permission:"Product_Edit" %} @@ -250,8 +250,14 @@

    {% endif %}

    - - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + + + + {% endif %} {% for e in endpoints %} - - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + + + + {% endif %} {% endfor %} diff --git a/dojo/templates/dojo/request_endpoint_report.html b/dojo/templates/dojo/request_endpoint_report.html index e4742419370..9e77089d1b9 100644 --- a/dojo/templates/dojo/request_endpoint_report.html +++ b/dojo/templates/dojo/request_endpoint_report.html @@ -39,29 +39,47 @@

    {% if filtered %} +
    + {% include "dojo/paging_snippet.html" with page=endpoints %} +

    @@ -93,7 +93,7 @@

    {% for e in endpoints %}

    data-original-title="Files" title=""> {% endif %} - {% if finding.endpoints.all %} - - {% endif %} - {% endfor %} - " data-placement="right" data-container="body" data-original-title="Endpoints ({{ finding.active_endpoint_count }} Active, {{ finding.mitigated_endpoint_count }} Mitigated)" title=""> + {% else %} + ✕ {{ ref.location }} +
    + {% endif %} + {% endfor %} + " data-placement="right" data-container="body" data-original-title="Endpoints ({{ finding.active_endpoint_count }} Active, {{ finding.mitigated_endpoint_count }} Mitigated)" title=""> + {% endif %} + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + {% if finding.endpoints.exists %} + + {% endif %} {% endif %} {% if finding.component_name %} {% if not critical_prods %}
    - - + {% if not V3_FEATURE_LOCATIONS %} + + + {% endif %}
    {% endif %} diff --git a/dojo/templates/dojo/migrate_endpoints.html b/dojo/templates/dojo/migrate_endpoints.html index c3455e24393..a070581f7e5 100644 --- a/dojo/templates/dojo/migrate_endpoints.html +++ b/dojo/templates/dojo/migrate_endpoints.html @@ -8,14 +8,18 @@
    -

    - {{ name }} -

    -
    -
    - {% include "dojo/filter_snippet.html" with form=filtered.form %} +

    {{ name }}

    +
    + This migration will convert existing Endpoints to the new Location model. Please ensure you have a full backup of your database before proceeding. This operation may take some time depending on the number of endpoints in your system. + Please consult the documentation for more information. +
    +
    +
    + If you would prefer to run this migration from the command line, you can do so by executing: + 
    python manage.py migrate_endpoints_to_locations
    +
    {% csrf_token %} @@ -24,23 +28,6 @@

    - {% if html_log|length > 0 %} -
      - {% for log in html_log %} -
    • - {% if 'message' in log.keys %} - Endpoint {{ log.message }}. It is not possible to migrate it. - Delete or edit this endpoint. - {% else %} - {{ log }} - {% endif %} -
      • - {% endfor %} -
    - {% else %} - No changes or broken endpoints detected. - {% endif %} - -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/dojo/templates/dojo/product.html b/dojo/templates/dojo/product.html index 2b2a3c6a8ff..cb06252f614 100644 --- a/dojo/templates/dojo/product.html +++ b/dojo/templates/dojo/product.html @@ -63,7 +63,7 @@

    		GitHub{% dojo_sort request 'Active (Verified) Findings' 'findings_count' %} Vulnerable Hosts / Endpoints Vulnerable Hosts / Locations Contact{% dojo_sort request labels.ORG_LABEL 'prod_type__name' %} - {{ prod.endpoint_host_count }} / - {{ prod.endpoint_count }} + {% if V3_FEATURE_LOCATIONS %} + {{ prod.location_host_count }} / + {{ prod.location_count }} + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + {{ prod.endpoint_host_count }} / + {{ prod.endpoint_count }} + {% endif %} {% if prod.product_manager %} @@ -376,7 +382,7 @@

    }}, {% endif %} { "data": "findings" }, - { "data": "endpoints" }, + { "data": "locations" }, { "data": "contacts" }, { "data": "product_type" }, ], diff --git a/dojo/templates/dojo/product_endpoint_pdf_report.html b/dojo/templates/dojo/product_endpoint_pdf_report.html index dff16d0e07d..f7de27fe7a3 100644 --- a/dojo/templates/dojo/product_endpoint_pdf_report.html +++ b/dojo/templates/dojo/product_endpoint_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} @@ -132,7 +132,7 @@

    Endpoint Findings

    {% endif %} {% for endpoint in endpoints %} -
    +

    Endpoint: {{ endpoint }} @@ -140,7 +140,8 @@

    - {% for finding in endpoint.active_findings %} + {% for finding in endpoint.active_annotated_findings %} +
    diff --git a/dojo/templates/dojo/product_metrics.html b/dojo/templates/dojo/product_metrics.html index 2f94c9df7fb..a479c5ea8ba 100644 --- a/dojo/templates/dojo/product_metrics.html +++ b/dojo/templates/dojo/product_metrics.html @@ -14,23 +14,25 @@

    Metrics Overview
    - - + {% if not V3_FEATURE_LOCATIONS %} + + + {% endif %}

    diff --git a/dojo/templates/dojo/product_pdf_report.html b/dojo/templates/dojo/product_pdf_report.html index 022af4870d8..9768c006888 100644 --- a/dojo/templates/dojo/product_pdf_report.html +++ b/dojo/templates/dojo/product_pdf_report.html @@ -3,7 +3,7 @@ {% load display_tags %} {% load humanize %} {% load event_tags %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% block content %} diff --git a/dojo/templates/dojo/product_type_pdf_report.html b/dojo/templates/dojo/product_type_pdf_report.html index 311061e466e..483d024edc7 100644 --- a/dojo/templates/dojo/product_type_pdf_report.html +++ b/dojo/templates/dojo/product_type_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} diff --git a/dojo/templates/dojo/report_endpoints.html b/dojo/templates/dojo/report_endpoints.html index 07fac4e156e..5bdaa3904e9 100644 --- a/dojo/templates/dojo/report_endpoints.html +++ b/dojo/templates/dojo/report_endpoints.html @@ -30,18 +30,26 @@
    Filters
    class="tablesorter-bootstrap table table-bordered table-condensed table-striped table-hover">
    EndpointProductOpen FindingsEndpointOpen FindingsEndpointProductOpen Findings
    {{ e|truncatechars_html:70 }}{{ e.product }} - {{ e.finding_count_endpoint }} - {{ e|truncatechars_html:70 }}{{ e.findings.count }}{{ e|truncatechars_html:70 }}{{ e.product }}{{ e.findings.count }}
    - - + {% if V3_FEATURE_LOCATIONS %} + + + + {% else %} + + + {% endif %} {% for e in endpoints %} - - + {% if V3_FEATURE_LOCATIONS %} + + + + {% else %} + + + {% endif %} {% endfor %}
    EndpointOpen FindingsEndpointOpen FindingsOpen ProductsEndpointOpen Findings
    - {{ e|truncatechars_html:70 }} - {% include "dojo/snippets/tags.html" with tags=e.tags.all %} - - {{ e.findings_count }} - + {{ e|truncatechars_html:70 }} + {% include "dojo/snippets/tags.html" with tags=e.tags.all %} + {{ e.active_findings }}{{ e.active_products }} + {{ e|truncatechars_html:70 }} + {% include "dojo/snippets/tags.html" with tags=e.tags.all %} + + {{ e.findings_count }} +
    - {% include "dojo/paging_snippet.html" with page=paged_endpoints %} + {% include "dojo/paging_snippet.html" with page=endpoints %}
    {% else %}

    No endpoints found.

    diff --git a/dojo/templates/dojo/snippets/endpoints.html b/dojo/templates/dojo/snippets/endpoints.html index 014cc2c21f9..893379d853e 100644 --- a/dojo/templates/dojo/snippets/endpoints.html +++ b/dojo/templates/dojo/snippets/endpoints.html @@ -1,17 +1,17 @@ {% load display_tags %} {% load authorization_tags %} {% load static %} -{% load get_endpoint_status %} + {% if destination == "Report" %} - {% if finding|has_endpoints %} - {% with endpoints=finding|get_vulnerable_endpoints %} + {% if finding.has_endpoints%} + {% with endpoints=finding.active_endpoints %} {% if endpoints %}
    -
    Vulnerable Endpoints / Systems ({{ endpoints|length }})
    +
    Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }})
    @@ -23,10 +23,18 @@
    Vulnerable Endpoints / Systems ({{ endpoints|length }})
    {% for endpoint in endpoints %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} @@ -37,28 +45,42 @@
    Vulnerable Endpoints / Systems ({{ endpoints|length }})
    {% endif %} {% endwith %} - {% with endpoints=finding|get_mitigated_endpoints %} + {% with endpoints=finding.mitigated_endpoints %} {% if endpoints %}
    -
    Mitigated Endpoints / Systems ({{ endpoints|length }})
    +
    Mitigated Endpoints / Systems ({{ finding.mitigated_endpoint_count }})
    {{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_date:finding|date }}{{ endpoint|endpoint_update_time:finding|date}}{{ endpoint.location }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.created|date }}{{ endpoint.audit_time|date}}{{ endpoint }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.date|date }}{{ endpoint.last_modified|date}}
    - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + {% endif %} {% for endpoint in endpoints %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} @@ -119,13 +141,13 @@
    Location
    {% endif %} {% else %} - {% with endpoints=finding|get_vulnerable_endpoints %} + {% with endpoints=finding.active_endpoints %} {% if endpoints %}
    -

    Vulnerable Endpoints / Systems ({{ endpoints|length }}) +

    Vulnerable Endpoints / Systems ({{ finding.active_endpoint_count }})

    @@ -152,18 +174,29 @@

    Vulnerable Endpoints / Systems ({{ endpoints|length }}) {% if finding|has_object_permission:"Finding_Edit" %}

    {% endif %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} @@ -174,13 +207,13 @@

    Vulnerable Endpoints / Systems ({{ endpoints|length }}) {% endif %} {% endwith %} - {% with endpoints=finding|get_mitigated_endpoints %} + {% with endpoints=finding.mitigated_endpoints %} {% if endpoints %}
    -

    Mitigated Endpoints / Systems ({{ endpoints|length }}) +

    Mitigated Endpoints / Systems ({{ finding.mitigated_endpoint_count }})

    @@ -197,8 +230,14 @@

    Mitigated Endpoints / Systems ({{ endpoints|length }}) {% endif %}

    - - + {% if V3_FEATURE_LOCATIONS %} + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + {% endif %} {% for endpoint in endpoints %} @@ -206,18 +245,29 @@

    Mitigated Endpoints / Systems ({{ endpoints|length }}) {% if finding|has_object_permission:"Finding_Edit" %}

    {% endif %} - - - - + {% if V3_FEATURE_LOCATIONS %} + + + + + {% else %} + {% comment %} TODO: Delete this after the move to Locations {% endcomment %} + + + + + {% endif %} {% endfor %} diff --git a/dojo/templates/dojo/system_settings.html b/dojo/templates/dojo/system_settings.html index 02510452e16..4ea772bc7a3 100644 --- a/dojo/templates/dojo/system_settings.html +++ b/dojo/templates/dojo/system_settings.html @@ -26,6 +26,9 @@

    Celery {{celery_status}}

    {{celery_msg}}
    +
    + {{celery_q_len}} +
    diff --git a/dojo/templates/dojo/test_pdf_report.html b/dojo/templates/dojo/test_pdf_report.html index 000b2acfa39..17af82137bc 100644 --- a/dojo/templates/dojo/test_pdf_report.html +++ b/dojo/templates/dojo/test_pdf_report.html @@ -2,7 +2,7 @@ {% load static %} {% load display_tags %} {% load humanize %} -{% load get_endpoint_status %} + {% load get_note_status %} {% load get_notetype_availability %} {% load event_tags %} diff --git a/dojo/templates/dojo/url/create.html b/dojo/templates/dojo/url/create.html new file mode 100644 index 00000000000..f67d0e58168 --- /dev/null +++ b/dojo/templates/dojo/url/create.html @@ -0,0 +1,24 @@ +{% extends "base.html" %} +{% load static %} +{% block add_styles %} + {{ block.super }} + .chosen-container { + width: 70% !important; + } +{% endblock add_styles %} +{% block content %} + {{ block.super }} +

    Create Endpoint

    + + {% csrf_token %} + {% include "dojo/form_fields.html" with form=form %} +
    +
    + +
    +
    + +{% endblock content %} diff --git a/dojo/templates/dojo/url/delete.html b/dojo/templates/dojo/url/delete.html new file mode 100644 index 00000000000..473feb247b3 --- /dev/null +++ b/dojo/templates/dojo/url/delete.html @@ -0,0 +1,38 @@ +{% extends "base.html" %} +{% block content %} + {{ block.super }} +

    + Delete Endpoint {{ location }} + {% if location.url.host_validation_failure %} + 🚩 + {% endif %} +

    +

    + Deleting this Endpoint will disassociate it with any findings and products and other relationships associated + with it. These relationships are listed below: +

    +
    +
    +

    Danger Zone

    +
    + {% if rels|length > 1 %} +
      + {{ rels|unordered_list }} +
    + {% else %} +

    No relationships found.

    + {% endif %} +
    + {% csrf_token %} + {{ form }} +
    + +
    + +
    +
    +{% endblock content %} diff --git a/dojo/templates/dojo/url/list.html b/dojo/templates/dojo/url/list.html new file mode 100644 index 00000000000..d4511523fb5 --- /dev/null +++ b/dojo/templates/dojo/url/list.html @@ -0,0 +1,276 @@ +{% extends "base.html" %} +{% load navigation_tags %} +{% load display_tags %} +{% load authorization_tags %} +{% block content %} + {{ block.super }} +
    +
    +
    +
    +

    + {{ name }} +
    + + {% if product_tab and product_tab.product|has_object_permission:"Location_Add" %} + + + {% endif %} +
    +

    +
    +
    + {% include "dojo/filter_snippet.html" with form=filtered.form %} +
    +
    + {% if locations %} + +
    {% include "dojo/paging_snippet.html" with page=locations page_size=True %}
    +
    +
    Endpoint StatusMitigation TimeMitigatorAuditorAudit TimeMitigatorMitigation Time
    {{ endpoint }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_mitigated_time:finding|date }}{{ endpoint|endpoint_mitigator:finding|safe }}{{ endpoint.location }}{% if endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.auditor|safe }}{{ endpoint.audit_time|date }}{{ endpoint }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %}{{ endpoint.status }}{{ endpoint.mitigated_by|safe }}{{ endpoint.mitigated_time|date }}
    -
    		- {{ endpoint|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} - {% include "dojo/snippets/tags.html" with tags=endpoint.tags.all %} - {{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_date:finding|date }}{{ endpoint|endpoint_update_time:finding|date}} + {{ endpoint.location|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.location.tags.all %} + {{ endpoint.status }}{{ endpoint.created|date }}{{ endpoint.audit_time|date}} + {{ endpoint.endpoint|url_shortener }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.endpoint.tags.all %} + {{ endpoint.status }}{{ endpoint.date|date }}{{ endpoint.last_modified|date}}
    Endpoint StatusMitigation TimeMitigatorAuditorAudit TimeMitigatorMitigation Time
    -
    		- {{ endpoint|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} - {% include "dojo/snippets/tags.html" with tags=endpoint.tags.all %} - {{ endpoint|endpoint_display_status:finding|safe }}{{ endpoint|endpoint_mitigated_time:finding|date }}{{ endpoint|endpoint_mitigator:finding|safe }} + {{ endpoint.location|url_shortener }}{% if endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.location.tags.all %} + {{ endpoint.status }}{{ endpoint.auditor|safe }}{{ endpoint.audit_time|date }} + {{ endpoint.endpoint|url_shortener }}{% if endpoint.endpoint.is_broken %} 🚩{% endif %} + {% include "dojo/snippets/tags.html" with tags=endpoint.endpoint.tags.all %} + {{ endpoint.status }}{{ endpoint.mitigated_by|safe }}{{ endpoint.mitigated_time|date }}
    + + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} + + {% endif %} + {% if host_view %} + + {% else %} + + {% endif %} + {% if not product_tab %}{% endif %} + + + + {% for location in locations %} + + {% if not product_tab or product_tab and product_tab.product|has_object_permission:"Location_Edit" %} + + {% endif %} + {% if host_view %} + + {% else %} + + {% endif %} + {% if not product_tab %} + + {% endif %} + + + + {% endfor %} +
    +
    + +
    +     		HostEndpointActive (Total) ProductsActive (Total) FindingsOverall Status
    +
    + +
    +     		+ {{ location.host|url_shortener }} + + {{ location|url_shortener }} + {% if location.host_validation_failure %} + 🚩 + {% endif %} + + {% include "dojo/snippets/tags.html" with tags=location.tags.all %} + + {% if host_view %} + {{ location.active_products }} + ({{ location.total_products }}) + {% else %} + {{ location.active_products }} + ({{ location.total_products }}) + {% endif %} + + {% if host_view %} + {{ location.active_findings }} + ({{ location.total_findings }}) + {% else %} + {{ location.active_findings }} + ({{ location.total_findings }}) + {% endif %} + {{ location.overall_status }}
    +
    +
    {% include "dojo/paging_snippet.html" with page=locations page_size=True %}
    + {% else %} + {% if host_view %} +
    +

    No hosts found.

    +
    + {% else %} +
    +

    No endpoints found.

    +
    + {% endif %} + {% endif %} +
    +
    +{% endblock content %} +{% block postscript %} + {{ block.super }} + + {% include "dojo/filter_js_snippet.html" %} +{% endblock postscript %} diff --git a/dojo/templates/dojo/url/update.html b/dojo/templates/dojo/url/update.html new file mode 100644 index 00000000000..3967bf18690 --- /dev/null +++ b/dojo/templates/dojo/url/update.html @@ -0,0 +1,24 @@ +{% extends "base.html" %} +{% load static %} +{% block add_styles %} + {{ block.super }} + .chosen-container { + width: 70% !important; + } +{% endblock add_styles %} +{% block content %} + {{ block.super }} +

    Edit Endpoint

    +
    + {% csrf_token %} + {% include "dojo/form_fields.html" with form=form %} +
    +
    + +
    +
    +
    +{% endblock content %} diff --git a/dojo/templates/dojo/url/view.html b/dojo/templates/dojo/url/view.html new file mode 100644 index 00000000000..69cfe001a04 --- /dev/null +++ b/dojo/templates/dojo/url/view.html @@ -0,0 +1,410 @@ +{% extends "base.html" %} +{% load navigation_tags %} +{% load humanize %} +{% load display_tags %} +{% load authorization_tags %} +{% load multiply %} +{% load static %} +{% block add_styles %} + {{ block.super }} + .graph {min-height: 158px;} + h3 { margin-top: 5px; margin-bottom: 5px; font-size: 20px; line-height: 22px;} + .tooltip-inner { + max-width: 650px; + } +{% endblock add_styles %} +{% block content %} + {{ block.super }} +
    +
    +
    +

    + {% if host_view %} + Host: {{ host|url_shortener }} + {% else %} + + Endpoint: {{ location|url_shortener }} + {% if location.host_validation_failure %} + 🚩 + {% endif %} + + {% endif %} +

    +
    +
    + + + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    +   + + Finding Age ({{ all_findings_count|apnumber }} + finding{{ all_findings_count|pluralize }}) + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    + {{ all_findings_count }} + + {% if not host_view %} + + {% else %} + + {% endif %} + endpoint finding{{ all_findings_count|pluralize }} + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +
    + Opened findings count by month +
    +
    +
    +
    + +
    +
    +
    + +
    + +
    +
    +
    +
    + {% if host_view %} +
    +

    Endpoints ({{ mitigated_location_count }} / {{ location_count }} Mitigated Endpoints)

    +
    + {% if locations %} + {% colgroup locations into 3 cols as grouped_items %} + + {% for row in grouped_items %} + + {% for item in row %} + + {% endfor %} + + {% endfor %} +
    + {% if item %} + + {% if item.overall_status == "Active" %} + + {% else %} + + {% endif %} +  {{ item|url_shortener }} + {% if location.url.host_validation_failure %} + 🚩 + {% endif %} + + {% endif %} +
    + {% else %} +
    No endpoints.
    + {% endif %} + {% else %} +
    +

    Host

    +
    +
    + {{ host|url_shortener }} +
    + {% endif %} +
    + {% if not host_view and location.tags.exists %} +
    +
    +

    Tags

    +
    +
    {% include "dojo/snippets/tags.html" with tags=location.tags.all %}
    +
    + {% endif %} + {% if not host_view and metadata %} +
    +
    +
    +
    +

    + Additional Information +
    + + + + + + +
    +

    +
    +
    + {% for key, value in metadata.items %} +
    + {{ key }} +
    + {{ value }} +
    +   +
    + {% endfor %} +
    +
    +
    +
    + {% endif %} +
    +
    +

    Open Findings ({{ active_findings_count }} / {{ all_findings_count }} Active Findings)

    +
    + {% if findings %} +
    + {% include "dojo/paging_snippet.html" with page=findings page_size=True %} +
    +
    + + + + + + + + + + + + + {% for finding in findings %} + + + + + + + + + {% endfor %} + +
    TitleSeverityEPSS Score / PercentileDateAgeFound by
    + {{ finding.title }} + + {{ finding.severity }} + + {{ finding.epss_score|format_epss }} + / + {{ finding.epss_percentile|format_epss }} + {{ finding.date }}{{ finding.age }} + {% for scanner in finding.found_by.all %}{{ scanner }}{% endfor %} +
    +
    +
    + {% include "dojo/paging_snippet.html" with page=findings page_size=True %} +
    + {% else %} +

    No findings found.

    + {% endif %} +
    + +{% endblock content %} +{% block postscript %} + {{ block.super }} + + + + + + + {% block metrics %} + + {% endblock metrics %} + +{% endblock postscript %} diff --git a/dojo/templates/dojo/view_endpoint.html b/dojo/templates/dojo/view_endpoint.html index 8fcdf39c60c..745de9a5a3d 100644 --- a/dojo/templates/dojo/view_endpoint.html +++ b/dojo/templates/dojo/view_endpoint.html @@ -51,7 +51,7 @@